Skip to main content
HR 6497 117th Congress House Government Operations and Politics Administrative law and regulatory procedures Advisory bodies Computer security and identity theft Computers and information technology Congressional oversight Criminal investigation, prosecution, interrogation Department of Homeland Security Employment and training programs Executive agency funding and structure Federal officials Government employee pay, benefits, personnel management Government information and archives Government studies and investigations Infrastructure development Internet, web applications, social media Office of Management and Budget (OMB) Performance measurement Public contracts and procurement Right of privacy

Federal Information Security Modernization Act of 2022

Introduced: January 25, 2022 See on congress.gov
Sign in to write a letter Sign in to watch
 Everywhere this bill has been 4 steps
Introduced
In committee
Reported out
Passed House
Passed Senate
To President
Became law
Feb 2, 2022
Ordered to be Reported (Amended) by Voice Vote.
Feb 2, 2022
Committee Consideration and Mark-up Session Held.
Jan 25, 2022
Referred to the Committee on Oversight and Reform, and in addition to the Committee on Science, Space, and Technology, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Jan 25, 2022
Introduced in House
 Plain-English summary Congressional Research Service

Federal Information Security Modernization Act of 2022

This bill addresses federal information security management, notification and remediation of cybersecurity incidents, and the roles of the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA).

CISA must perform, on an ongoing and continuous basis, assessments of federal risk posture. The bill requires evaluation by each agency of whether additional cybersecurity procedures are appropriate at least once every three years.

An agency, as expeditiously as practicable and without unreasonable delay, and within 45 days after it has a reasonable basis to conclude that a breach has occurred, must (1) determine whether notice to any individual potentially affected by the breach is appropriate based on a risk assessment; and (2) as appropriate, provide written notice to each individual potentially affected. Notification may be delayed under specified circumstances.

Each agency must provide any information relating to a major incident to CISA, the OMB, the Office of the National Cyber Director, the agency's office of inspector general, the Government Accountability Office, and Congress.

An agency's contractors and grant recipients must notify the agency of an incident involving federal information within a specified time frame.

Each agency shall develop training for individuals at the agency with access to federal information or information systems on how to identify and respond to an incident.

CISA must establish a program to provide ongoing, hypothesis-driven threat-hunting services on the network of each agency.

The bill establishes specified pilot programs to enhance federal cybersecurity.

What's happening now February 2, 2022

Ordered to be Reported (Amended) by Voice Vote.

 Committees of jurisdiction 2
 Cosponsors 10
All 10 Democratic 6 Republican 4