[115th Congress Public Law 269]
[From the U.S. Government Publishing Office]



[[Page 132 STAT. 3763]]

Public Law 115-269
115th Congress

                                 An Act


 
    To require the Surface Transportation Board to implement certain 
     recommendations of the Inspector General of the Department of 
         Transportation. <<NOTE: Oct. 16, 2018 -  [H.R. 4921]>> 

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled, <<NOTE: STB Information 
Security Improvement Act.>> 
SECTION 1. SHORT TITLE.

    This Act may be cited as the ``STB Information Security Improvement 
Act''.
SEC. 2. REQUIREMENTS.

    (a) <<NOTE: Timeline. Plan.>> In General.--The Surface 
Transportation Board (in this section referred to as the ``STB'') shall 
develop a timeline and plan to implement the recommendations of the 
Inspector General of the Department of Transportation in Report No. 
FI2018002, including improvements--
            (1) to identify controls, including risk management, 
        weakness remediation, and security authorization;
            (2) to protect controls, including configuration management, 
        user identity and access management, and security training;
            (3) to detect controls, including continuous monitoring;
            (4) to respond controls, including incident handling and 
        reporting;
            (5) to recover controls for contingency planning; and
            (6) any additional tools that will improve the 
        implementation of the recommendations.

    (b) Implementation.--
            (1) <<NOTE: Deadline.>> In general.--Not later than 180 days 
        after the date of enactment of this Act, the STB shall submit 
        the plan and timeline developed under subsection (a) to the 
        Committee on Transportation and Infrastructure of the House of 
        Representatives and the Committee on Commerce of the Senate.
            (2) Report.--The STB shall report annually to such 
        Committees on the progress on implementation of the 
        recommendations until the implementation is complete.
            (3) <<NOTE: Designation.>> Plan implementation.--The STB 
        shall designate an individual to implement the plan developed 
        under subsection (a).

[[Page 132 STAT. 3764]]

SEC. 3. NO ADDITIONAL FUNDS AUTHORIZED.

    No additional funds are authorized to carry out the requirements of 
this Act. Such requirements shall be carried out using amounts otherwise 
authorized.

    Approved October 16, 2018.

LEGISLATIVE HISTORY--H.R. 4921:
---------------------------------------------------------------------------

HOUSE REPORTS: No. 115-622 (Comm. on Transportation and Infrastructure).
CONGRESSIONAL RECORD, Vol. 164 (2018):
            Apr. 10, considered and passed House.
            Oct. 1, considered and passed Senate.

                                  <all>