[Congressional Record (Bound Edition), Volume 161 (2015), Part 12]
[House]
[Pages 16300-16301]
[From the U.S. Government Publishing Office, www.gpo.gov]




             QUARTERLY FINANCIAL REPORT REAUTHORIZATION ACT

  Mr. CHAFFETZ. Madam Speaker, I ask unanimous consent to take from the 
Speaker's table the bill (H.R. 3116) to extend by 15 years the 
authority of the Secretary of Commerce to conduct the quarterly 
financial report program, with the Senate amendment thereto, and concur 
in the Senate amendment.
  The Clerk read the title of the bill.
  The SPEAKER pro tempore. The Clerk will report the Senate amendment.
  The Clerk read as follows:
  Senate amendment:

       At the appropriate place, insert the following:

     SEC. 3. REPORT ON DATA SECURITY PROCEDURES OF THE BUREAU OF 
                   THE CENSUS.

       (a) Review.--The Secretary of Commerce shall conduct a 
     review of the data security procedures of the Bureau of the 
     Census, including such procedures that have been implemented 
     since the data breaches of systems of the Office of Personnel 
     Management were announced in 2015.
       (b) Report.--
       (1) Requirement.--Not later than 90 days after the date of 
     the enactment of this Act, the Secretary of Commerce shall 
     submit to the Committee on 
     Homeland Security and Governmental Affairs of the Senate and 
     the Committee on Oversight and Government Reform of the House 
     of Representatives a report on the review required by 
     subsection (a).
       (2) Contents.--The report required by paragraph (1) shall--
       (A) identify all information systems of the Bureau of the 
     Census that contain sensitive information;
       (B) describe any actions carried out by the Secretary of 
     Commerce or the Director of the Bureau of the Census to 
     secure sensitive information that have been implemented since 
     the data breaches of systems of the Office of Personnel 
     Management were announced in 2015;
       (C) identify any known data breaches of information systems 
     of the Bureau of the Census that contain sensitive 
     information; and
       (D) identify whether the Bureau of the Census stores any 
     information that, if combined with other such information, 
     would comprise classified information.

  Mr. CHAFFETZ (during the reading). Madam Speaker, I ask unanimous 
consent to dispense with the reading.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from Utah?
  There was no objection.
  The SPEAKER pro tempore. Is there objection to the original request 
of the gentleman from Utah?
  There was no objection.
  A motion to reconsider was laid on the table.


                             General Leave

  Mr. CHAFFETZ. Madam Speaker, I ask unanimous consent to submit for 
the Record a letter from John Thompson, Director of the Census Bureau, 
to Chairman McCaul, myself, and others, indicating the Bureau will 
comply with FISMA when developing the report required by H.R. 3116 and 
will continue to work with the Secretary of Homeland Security and 
others to secure the Bureau's network.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from Utah?
  There was no objection.

         United States Department of Commerce, Economics and 
           Statistics Administration, U.S. Census Bureau,
                                 Washington, DC, October 20, 2015.
     Hon. Michael McCaul,
     Chairman, Committee on Homeland Security,
     House of Representatives,
     Washington, DC.
       Dear Mr. Chairman: This correspondence is regarding the 
     U.S. Census Bureau's compliance with the Federal Information 
     Security Management Act (FISMA) and the provisions of Senate 
     Amendment (S. Admt.) 2710 to H.R. 3116. The Census Bureau is 
     compliant at this time with the requirements of FISMA, and is 
     working with the Secretary of Commerce and the Secretary of 
     Homeland Security to provide information on the data security 
     procedures required by S. Admt. 2710.
       We have implemented a formal risk management program in 
     accordance with the National Institute of Standards and 
     Technology (NIST) Special Publication 800-37r1. All of the 
     FISMA reportable systems supporting the Census Bureau are 
     continually assessed per this guidance and all have a current 
     Authorization to Operate. In addition, the Census Bureau is 
     currently behind a Managed Trusted Internet Protocol Service 
     (MTIPS) provider and is protected by the Department of 
     Homeland Security (DHS) Einstein 1 and 2, which look at 
     network flow information and network intrusion detection. The 
     Census Bureau is engaged with DHS and the MTIPS provider to move 
     behind Einstein 3 Accelerated (E3A) as soon as the DHS and 
     our MTIPS say they are ready. This will give us the added 
     cybersecurity analysis, situational awareness and security 
     response capabilities for DHS to augment our efforts.
       The Census Bureau also is actively engaged with the 
     Department of Commerce to implement Phase 2C of the 
     Continuous Diagnostics and Mitigation (CDM) program by the 
     end of calendar year 2016. This will provide us the 
     capability to identify cybersecurity risks more efficiently 
     and prioritize the risks based on potential impacts. The 
     initial meeting with DHS and the service provider took place 
     on October 15, 2015. The Census Bureau reports regularly on 
     this and other aspects of its cybersecurity program to the 
     Department of Commerce, Office of Management and Budget, and 
     DHS.
       Please know that the security of our respondents' 
     information is paramount at the Census Bureau. We take 
     seriously our responsibility to honor privacy and protect 
     confidentiality. We will continue to work with the Department 
     of Commerce and DHS to implement effective data security 
     procedures and ensure compliance with FISMA requirements.
           Thank you.
                                                 John H. Thompson,
     Director.
