US S1869

Bill

A bill to improve federal network security and authorize and enhance an existing intrusion detection and prevention system for civilian federal networks.

Introduced
07/27/2015

In Committee
07/29/2015

Crossed Over

Passed

Dead
01/03/2017

Introduced Session

114th Congress

Bill Summary

A bill to improve Federal network security and authorize and enhance an existing intrusion detection and prevention system for civilian Federal networks. Amends the Homeland Security Act of 2002 to require the Department of Homeland Security (DHS), in coordination with the Office of Management and Budget (OMB), to implement an intrusion assessment plan to identify and remove intruders in federal agency information systems. Directs DHS to deploy and operate, for use by other agencies, capabilities to detect and prevent or remove cybersecurity risks in network traffic transiting or traveling to or from agency information systems. Authorizes the DHS Secretary to access, and agency heads to disclose to the Secretary, information transiting agency systems, regardless of the location from which the information is accessed, notwithstanding any laws that would otherwise restrict or prevent such disclosures. Requires agencies to utilize such capabilities and adopt subsequent improvements. Provides liability protections to private entities authorized to assist the Secretary with such capabilities. Terminates authority for such capabilities seven years after enactment of this Act. Requires DHS to include in the Continuous Diagnostics and Mitigation Program advanced network security tools to improve visibility of network activity to detect and mitigate intrusions and anomalous activity. Directs the OMB to implement a plan to ensure that agencies utilize such advanced tools. Directs DHS to collaborate with the OMB to update government information security metrics to include measures of intrusion and incident detection and response times. Requires the OMB to display additional agency metrics on federal government performance websites. Authorizes DHS, upon an agency's request, to operate and maintain technology that is deployed to agencies to diagnose and mitigate against cyber threats and vulnerabilities. Requires agencies to: (1) encrypt sensitive and mission critical data, (2) implement single sign-on trusted identity platforms for public websites, and (3) implement multifactor authentication standards for remote access to agency systems. Excludes the Department of Defense and the intelligence community from procedures of this Act.

AI Summary

This bill aims to bolster the cybersecurity of civilian federal networks by enhancing an existing intrusion detection and prevention system managed by the Department of Homeland Security (DHS). It mandates that DHS, in collaboration with the Office of Management and Budget (OMB), create a plan to find and remove unauthorized individuals from federal agency computer systems. DHS will deploy and operate technology to identify and block cyber threats in network traffic going to or from these systems, and agency leaders will be required to share necessary information with DHS, even if it would normally be restricted by law. Agencies must use these new capabilities and adopt future improvements, while private companies assisting DHS will receive protection from lawsuits. The bill also requires DHS to integrate advanced network security tools into its Continuous Diagnostics and Mitigation Program to better detect and address intrusions, and OMB will develop a plan to ensure agencies use these tools. Furthermore, DHS and OMB will update government cybersecurity performance metrics to include intrusion detection and response times, with OMB displaying these metrics publicly. DHS will also be authorized to manage and maintain diagnostic and threat mitigation technology deployed to agencies. Agencies will be required to encrypt sensitive data, implement single sign-on for public websites, and use multi-factor authentication for remote access, with exceptions for the Department of Defense and the intelligence community. The authority for these new capabilities will expire seven years after the bill becomes law.

Committee Categories

Military Affairs and Security

Sponsors (2)

Tom Carper (D)*, Ron Johnson (R),

Last Action

Placed on Senate Legislative Calendar under General Orders. Calendar No. 673. (on 11/17/2016)

Official Document

https://www.congress.gov/bill/114th-congress/senate-bill/1869/all-info

(2 Companion Bills)

Version:

Document Type	Source Location
State Bill Page	https://www.congress.gov/bill/114th-congress/senate-bill/1869/all-info
BillText	https://www.congress.gov/114/bills/s1869/BILLS-114s1869is.pdf
BillText	https://www.congress.gov/114/bills/s1869/BILLS-114s1869rs.pdf
Bill	https://www.congress.gov/114/bills/s1869/BILLS-114s1869rs.pdf.pdf
Bill	https://www.congress.gov/114/bills/s1869/BILLS-114s1869is.pdf.pdf
BillText	http://gpo.gov/fdsys/pkg/BILLS-114s1869is/pdf/BILLS-114s1869is.pdf
Bill	http://gpo.gov/fdsys/pkg/BILLS-114s1869is/pdf/BILLS-114s1869is.pdf.pdf

Bill	Bill Name	Last Action	Type
HR2029	Military Construction and Veterans Affairs and Related Agencies Appropriations Act, 2016	Became Public Law No: 114-113. (TXT \| PDF)	Related
S754	Cybersecurity Information Sharing Act of 2015 Federal Cybersecurity Enhancement Act of 2015 Federal Cybersecurity Workforce Assessment Act of 2015 Short Titles as Reported to Senate: Cybersecurity Information Sharing Act of 2015	Held at the desk.	Related

Bill > S1869

summary

Introduced Session

Bill Summary

AI Summary

Committee Categories

Sponsors (2)

Last Action

Official Document

bill text

bill summary

bill summary

bill summary