[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[S. 2520 Enrolled Bill (ENR)]

        S.2520

                    One Hundred Seventeenth Congress

                                 of the

                        United States of America


                          AT THE SECOND SESSION

           Begun and held at the City of Washington on Monday,
          the third day of January, two thousand and twenty two


                                 An Act


 
 To amend the Homeland Security Act of 2002 to provide for engagements 
 with State, local, Tribal, and territorial governments, and for other 
                                purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
    This Act may be cited as the ``State and Local Government 
Cybersecurity Act of 2021''.
SEC. 2. AMENDMENTS TO THE HOMELAND SECURITY ACT OF 2002.
    Subtitle A of title XXII of the Homeland Security Act of 2002 (6 
U.S.C. 651 et seq.) is amended--
        (1) in section 2201 (6 U.S.C. 651), by adding at the end the 
    following:
        ``(7) SLTT entity.--The term `SLTT entity' means a domestic 
    government entity that is a State government, local government, 
    Tribal government, territorial government, or any subdivision 
    thereof.''; and
        (2) in section 2209 (6 U.S.C. 659)--
            (A) in subsection (c)(6), by inserting ``operational and'' 
        before ``timely'';
            (B) in subsection (d)(1)(E), by inserting ``, including an 
        entity that collaborates with election officials,'' after 
        ``governments''; and
            (C) by adding at the end the following:
    ``(p) Coordination on Cybersecurity for SLTT Entities.--
        ``(1) Coordination.--The Center shall, upon request and to the 
    extent practicable, and in coordination as appropriate with Federal 
    and non-Federal entities, such as the Multi-State Information 
    Sharing and Analysis Center--
            ``(A) conduct exercises with SLTT entities;
            ``(B) provide operational and technical cybersecurity 
        training to SLTT entities to address cybersecurity risks or 
        incidents, with or without reimbursement, related to--
                ``(i) cyber threat indicators;
                ``(ii) defensive measures;
                ``(iii) cybersecurity risks;
                ``(iv) vulnerabilities; and
                ``(v) incident response and management;
            ``(C) in order to increase situational awareness and help 
        prevent incidents, assist SLTT entities in sharing, in real 
        time, with the Federal Government as well as among SLTT 
        entities, actionable--
                ``(i) cyber threat indicators;
                ``(ii) defensive measures;
                ``(iii) information about cybersecurity risks; and
                ``(iv) information about incidents;
            ``(D) provide SLTT entities notifications containing 
        specific incident and malware information that may affect them 
        or their residents;
            ``(E) provide to, and periodically update, SLTT entities 
        via an easily accessible platform and other means--
                ``(i) information about tools;
                ``(ii) information about products;
                ``(iii) resources;
                ``(iv) policies;
                ``(v) guidelines;
                ``(vi) controls; and
                ``(vii) other cybersecurity standards and best 
            practices and procedures related to information security, 
            including, as appropriate, information produced by other 
            Federal agencies;
            ``(F) work with senior SLTT entity officials, including 
        chief information officers and senior election officials and 
        through national associations, to coordinate the effective 
        implementation by SLTT entities of tools, products, resources, 
        policies, guidelines, controls, and procedures related to 
        information security to secure the information systems, 
        including election systems, of SLTT entities;
            ``(G) provide operational and technical assistance to SLTT 
        entities to implement tools, products, resources, policies, 
        guidelines, controls, and procedures on information security;
            ``(H) assist SLTT entities in developing policies and 
        procedures for coordinating vulnerability disclosures 
        consistent with international and national standards in the 
        information technology industry; and
            ``(I) promote cybersecurity education and awareness through 
        engagements with Federal agencies and non-Federal entities.
    ``(q) Report.--Not later than 1 year after the date of enactment of 
this subsection, and every 2 years thereafter, the Secretary shall 
submit to the Committee on Homeland Security and Governmental Affairs 
of the Senate and the Committee on Homeland 

  
Security of the House of Representatives a report on the services and 
capabilities that the Agency directly and indirectly provides to SLTT 
entities.''.

                               Speaker of the House of Representatives.

                            Vice President of the United States and    
                                               President of the Senate.