[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 280 Introduced in House (IH)]

<DOC>






118th CONGRESS
  1st Session
                                H. R. 280

  To require the Secretary of Homeland Security to submit a report on 
        cyber vulnerability disclosures, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            January 11, 2023

 Ms. Jackson Lee introduced the following bill; which was referred to 
                   the Committee on Homeland Security

_______________________________________________________________________

                                 A BILL


 
  To require the Secretary of Homeland Security to submit a report on 
        cyber vulnerability disclosures, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Cyber Vulnerability Disclosure 
Reporting Act''.

SEC. 2. REPORT ON CYBER VULNERABILITIES.

    (a) Report.--Not later than 240 days after the date of the 
enactment of this Act, the Secretary of Homeland Security shall submit 
to the Committee on Homeland Security of the House of Representatives 
and the Committee on Homeland Security and Governmental Affairs of the 
Senate a report that contains a description of the policies and 
procedures developed for coordinating cyber vulnerability disclosures, 
in accordance with section 2209(m) of the Homeland Security Act of 2002 
(6 U.S.C. 659(m)). To the extent possible, such report shall include an 
annex with information on instances in which such policies and 
procedures were used to disclose cyber vulnerabilities in the year 
prior to the date such report is required and, where available, 
information on the degree to which such information was acted upon by 
industry and other stakeholders. Such report may also contain a 
description of how the Secretary is working with other Federal entities 
and critical infrastructure owners and operators to prevent, detect, 
and mitigate cyber vulnerabilities.
    (b) Form.--The report required under subsection (b) shall be 
submitted in unclassified form but may contain a classified annex.
                                 <all>