LegalFix

§ 11331. Responsibilities for Federal information systems standards

40 U.S.C. § 11331 (N/A)

In this section, the term “information security” has the meaning given that term in section 3532(b)(1) [1] of title 44.

(A) Requirement.— Except as provided under paragraph (2), the Director of the Office of Management and Budget shall, on the basis of proposed standards developed by the National Institute of Standards and Technology pursuant to paragraphs (2) and (3) of section 20(a) of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3(a)) and in consultation with the Secretary of Homeland Security, promulgate information security standards pertaining to Federal information systems.

(B) Required standards.— Standards promulgated under subparagraph (A) shall include—

(i) standards that provide minimum information security requirements as determined under section 20(b) of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3(b)); and

(ii) such standards that are otherwise necessary to improve the efficiency of operation or security of Federal information systems.

(C) Required standards binding.— Information security standards described under subparagraph (B) shall be compulsory and binding.

(2) Standards and guidelines for national security systems.— Standards and guidelines for national security systems, as defined under section 3532(3) [1] of title 44, shall be developed, promulgated, enforced, and overseen as otherwise authorized by law and as directed by the President.

The head of an agency may employ standards for the cost-effective information security for all operations and assets within or under the supervision of that agency that are more stringent than the standards promulgated by the Director under this section, if such standards—

(1) contain, at a minimum, the provisions of those applicable standards made compulsory and binding by the Director; and

(2) are otherwise consistent with policies and guidelines issued under section 3533 [1] of title 44.

(1) Deadline.— The decision regarding the promulgation of any standard by the Director under subsection (b) shall occur not later than 6 months after the submission of the proposed standard to the Director by the National Institute of Standards and Technology, as provided under section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3).

(2) Notice and comment.— A decision by the Director to significantly modify, or not promulgate, a proposed standard submitted to the Director by the National Institute of Standards and Technology, as provided under section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3), shall be made after the public is given an opportunity to comment on the Director’s proposed decision.

(Pub. L. 107–217, Aug. 21, 2002, 116 Stat. 1243; Pub. L. 107–296, title X, § 1002(a), Nov. 25, 2002, 116 Stat. 2268; Pub. L. 107–347, title III, § 302(a), Dec. 17, 2002, 116 Stat. 2956.)
