<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/css" href="uslm.css"?><statuteCompilation xmlns="http://schemas.gpo.gov/xml/uslm" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:gpo="http://www.gpo.gov/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.gpo.gov/xml/uslm https://www.govinfo.gov/schemas/xml/uslm/uslm-2.0.10.xsd" xml:lang="en" style="-uslm-dtd:statute">
    <meta style="-uslm-dtd:compilation-act-form">
        <dc:title>STB Information Security Improvement Act</dc:title>
        <citableAs>Public Law 115–269</citableAs>
        <citableAsShortTitle>STB Information Security Improvement Act</citableAsShortTitle>
        <docNumber>269</docNumber>
        <currentThroughPublicLaw>115–269</currentThroughPublicLaw>
        <dc:type>Statute Compilation</dc:type>
        <dc:creator>United States House of Representatives</dc:creator>
        <dc:creator>Office of the Legislative Counsel</dc:creator>
        <dc:format>text/xml</dc:format>
        <dc:language>EN</dc:language>
        <dc:rights>Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.</dc:rights>
        <processedBy>GPO Statute Compilations USLM converter, version 20210527.1</processedBy>
        <processedDate>2021-10-15</processedDate>
        <containsShortTitle>STB Information Security Improvement Act</containsShortTitle>
        <property role="fileId">14306</property>
        <congress>115</congress>
        <approvedDate>2018-10-16</approvedDate>
    </meta>
    <preface style="-uslm-dtd:compilation-act-form">
        <property style="-uslm-dtd:comp-short-title" role="compShortTitle">STB Information Security Improvement Act</property>
        <citationNote style="-uslm-dtd:public-law">[(<citableAs>Public Law 115–269</citableAs>)]</citationNote>
        <editionNote style="-uslm-dtd:updated-through-note">[This law has not been amended]</editionNote>
        <explanationNote style="-uslm-dtd:explanatory-note"><b>[</b>Currency: This publication is a compilation of the text of Public Law 115–269. It was last amended by the public law listed in the As Amended Through note above and below at the bottom of each page of the pdf version and reflects current law through the date of the enactment of the public law listed at https://www.govinfo.gov/app/collection/comps/<b>]</b></explanationNote>
        <explanationNote style="-uslm-dtd:explanatory-note"><b>[</b>Note: While this publication does  not represent an official version of any Federal statute, substantial efforts have been made to ensure the accuracy of its contents. The official version of Federal law is found in the United States Statutes at Large and in the United States Code. The legal effect to be given to the Statutes at Large and the United States Code is established by statute (1 U.S.C. 112, 204).<b>]</b></explanationNote>
    </preface>
    <main style="-uslm-dtd:legis-body"><longTitle><docTitle style="-uslm-dtd:legis-type">AN ACT</docTitle><officialTitle style="-uslm-dtd:official-title">To require the Surface Transportation Board to implement certain recommendations of the Inspector General of the Department of Transportation.</officialTitle></longTitle><enactingFormula style="-uslm-dtd:enacting-clause">Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,</enactingFormula>
        <section style="-uslm-dtd:section" identifier="/us/sComp/115/269/s1" styleType="OLC">
            <num style="-uslm-dtd:enum" value="1">SECTION 1. </num><heading style="-uslm-dtd:header">SHORT TITLE. </heading><content style="-uslm-dtd:text">This Act may be cited as the “<shortTitle style="-uslm-dtd:quote">STB Information Security Improvement Act</shortTitle>”.</content>
        </section>
        <section style="-uslm-dtd:section" identifier="/us/sComp/115/269/s2" styleType="OLC">
            <num style="-uslm-dtd:enum" value="2">SEC. 2. </num><heading style="-uslm-dtd:header">REQUIREMENTS. </heading>
            <subsection style="-uslm-dtd:subsection" identifier="/us/sComp/115/269/s2/a" styleType="OLC">
                <num style="-uslm-dtd:enum" value="a">(a) </num><heading style="-uslm-dtd:header">In General.—</heading><chapeau style="-uslm-dtd:text">The Surface Transportation Board (in this section referred to as the “STB”) shall develop a timeline and plan to implement the recommendations of the Inspector General of the Department of Transportation in Report No. FI2018002, including improvements—</chapeau>
                <paragraph style="-uslm-dtd:paragraph" identifier="/us/sComp/115/269/s2/a/1" styleType="OLC">
                    <num style="-uslm-dtd:enum" value="1">(1) </num><content style="-uslm-dtd:text">to identify controls, including risk management, weakness remediation, and security authorization;</content>
                </paragraph>
                <paragraph style="-uslm-dtd:paragraph" identifier="/us/sComp/115/269/s2/a/2" styleType="OLC">
                    <num style="-uslm-dtd:enum" value="2">(2) </num><content style="-uslm-dtd:text">to protect controls, including configuration management, user identity and access management, and security training;</content>
                </paragraph>
                <paragraph style="-uslm-dtd:paragraph" identifier="/us/sComp/115/269/s2/a/3" styleType="OLC">
                    <num style="-uslm-dtd:enum" value="3">(3) </num><content style="-uslm-dtd:text">to detect controls, including continuous monitoring;</content>
                </paragraph>
                <paragraph style="-uslm-dtd:paragraph" identifier="/us/sComp/115/269/s2/a/4" styleType="OLC">
                    <num style="-uslm-dtd:enum" value="4">(4) </num><content style="-uslm-dtd:text">to respond controls, including incident handling and reporting;</content>
                </paragraph>
                <paragraph style="-uslm-dtd:paragraph" identifier="/us/sComp/115/269/s2/a/5" styleType="OLC">
                    <num style="-uslm-dtd:enum" value="5">(5) </num><content style="-uslm-dtd:text">to recover controls for contingency planning; and</content>
                </paragraph>
                <paragraph style="-uslm-dtd:paragraph" identifier="/us/sComp/115/269/s2/a/6" styleType="OLC">
                    <num style="-uslm-dtd:enum" value="6">(6) </num><content style="-uslm-dtd:text">any additional tools that will improve the implementation of the recommendations.</content>
                </paragraph>
            </subsection>
            <subsection style="-uslm-dtd:subsection" identifier="/us/sComp/115/269/s2/b" styleType="OLC">
                <num style="-uslm-dtd:enum" value="b">(b) </num><heading style="-uslm-dtd:header">Implementation.—</heading>
                <paragraph style="-uslm-dtd:paragraph" identifier="/us/sComp/115/269/s2/b/1" styleType="OLC">
                    <num style="-uslm-dtd:enum" value="1">(1) </num><heading style="-uslm-dtd:header">In general.—</heading><content style="-uslm-dtd:text">Not later than 180 days after the date of enactment of this Act, the STB shall submit the plan and timeline developed under subsection (a) to the Committee on Transportation and Infrastructure of the House of Representatives and the Committee on Commerce of the Senate.</content>
                </paragraph>
                <paragraph style="-uslm-dtd:paragraph" identifier="/us/sComp/115/269/s2/b/2" styleType="OLC">
                    <num style="-uslm-dtd:enum" value="2">(2) </num><heading style="-uslm-dtd:header">Report.—</heading><content style="-uslm-dtd:text">The STB shall report annually to such Committees on the progress on implementation of the recommendations until the implementation is complete.</content>
                </paragraph>
                <paragraph style="-uslm-dtd:paragraph" identifier="/us/sComp/115/269/s2/b/3" styleType="OLC">
                    <num style="-uslm-dtd:enum" value="3">(3) </num><heading style="-uslm-dtd:header">Plan implementation.—</heading><content style="-uslm-dtd:text">The STB shall designate an individual to implement the plan developed under subsection (a).</content>
                </paragraph>
            </subsection>
        </section>
        <section style="-uslm-dtd:section" identifier="/us/sComp/115/269/s3" styleType="OLC">
            <num style="-uslm-dtd:enum" value="3">SEC. 3. </num><heading style="-uslm-dtd:header">NO ADDITIONAL FUNDS AUTHORIZED. </heading><content style="-uslm-dtd:text">No additional funds are authorized to carry out the requirements of this Act. Such requirements shall be carried out using amounts otherwise authorized.</content>
        </section>
    </main>
</statuteCompilation>
