Skip to main content
S 3600 117th Congress Senate Government Operations and Politics Administrative law and regulatory procedures Advisory bodies Civil actions and liability Computer security and identity theft Computers and information technology Congressional oversight Criminal investigation, prosecution, interrogation Department of Homeland Security Employment and training programs Executive agency funding and structure Federal officials Government employee pay, benefits, personnel management Government information and archives Government studies and investigations Infrastructure development Performance measurement Public contracts and procurement Right of privacy Technology assessment

Strengthening American Cybersecurity Act of 2022

Introduced: February 8, 2022 Introduced by: Peters, Gary C. Democratic · Michigan See on congress.gov
Sign in to write a letter Sign in to watch
 Everywhere this bill has been 9 steps
Introduced
In committee
Reported out
Passed House
Passed Senate
To President
Became law
Mar 2, 2022
Held at the desk.
Mar 2, 2022
Received in the House.
Mar 2, 2022
Message on Senate action sent to the House.
Mar 1, 2022
Passed Senate with amendments by Unanimous Consent. (text: CR S897-919)
Mar 1, 2022
Passed/agreed to in Senate: Passed Senate with amendments by Unanimous Consent.
Mar 1, 2022
Measure laid before Senate by unanimous consent. (consideration: CR S896-919)
Feb 9, 2022
Read the second time. Placed on Senate Legislative Calendar under General Orders. Calendar No. 265.
Feb 8, 2022
Introduced in the Senate. Read the first time. Placed on Senate Legislative Calendar under Read the First Time.
Feb 8, 2022
Introduced in Senate
 Plain-English summary Congressional Research Service

Strengthening American Cybersecurity Act of 2022

This bill addresses cybersecurity threats against critical infrastructure and the federal government.

The Cybersecurity and Infrastructure Security Agency (CISA) must perform ongoing and continuous assessments of federal risk posture.

An agency, within a specified time frame, must (1) determine whether notice to any individual potentially affected by a breach is appropriate based on a risk assessment; and (2) as appropriate, provide written notice to each individual potentially affected.

Each agency must (1) provide information relating to a major incident to specified parties, and (2) develop specified training for individuals with access to federal information or information systems.

The bill requires reporting and other actions to address cybersecurity incidents.

Entities that own or operate critical infrastructure must report cyber incidents and ransom payments within specified time frames.

The bill limits the use and disclosure of reported information.

The bill establishes (1) an interagency council to standardize federal reporting of cybersecurity threats, (2) a task force on ransomware attacks, and (3) a pilot program to identify information systems vulnerable to such attacks.

The bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA).

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud computing products and services.

The bill establishes a FedRAMP Board to examine the operations of FedRAMP and the Federal Secure Cloud Advisory Committee.

What's happening now March 2, 2022

Held at the desk.

 Cosponsors 10
All 10 Democratic 6 Republican 3 Independent 1