GovTrack’s Bill Summary
We don’t have a summary available yet.
The summary below was written by the House Republican Conference, which is the caucus of Republicans in the House of Representatives.
This summary can be found at http://www.gop.gov/bill/113/1/hr1163.
Cybersecurity threats have significant national security and economic consequences, and the risks are rapidly and continuously evolving. According to the Government Accountability Office (GAO), federal agencies have experienced a “dramatic increase in reports of security incidents,” with the total number of reported cybersecurity incidents increasing by 782 percent from 2006 to 2012.
The Federal Information Security Management Act of 2002 (FISMA), which became Title III of the E-Government Act of 2002, tasked each federal agency with implementing security controls over information that supports federal operations and assets. In addition, FISMA gave the Director of the OMB authority for overseeing the agencies’ information security policies and practices. Since FISMA was enacted, compliance has become more of a routine formality than a rigorous means of enhancing security. H.R. 1163 was introduced to update FISMA to account for the technological developments since its enactment, and to enhance “real-time” cybersecurity.
The House passed identical legislation (H.R. 4257) in the 112th Congress on April 26, 2012 by a voice vote, but the Senate did not take up the measure.
 U.S. Government Accountability Office, Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented, Feb. 2013, http://www.gao.gov/assets/660/652170.pdf.
 See PL 107-347.
H.R. 1163 enhances the Federal Information Security Management Act of 2002 (FISMA) by improving the framework for securing federal information technology (IT) systems. The bill establishes stronger oversight of federal agency IT systems by focusing on “automated and continuous monitoring” of cybersecurity threats and by regular “threat assessments.” In addition, H.R. 1163 reaffirms the authority of the Director of the Office of Management and Budget (OMB) to oversee agency information and security policies and practices. By permitting some flexibility, though, H.R. 1163 continues to allow DHS, under the direction of OMB, to exercise responsibility within the executive branch for many of the operational aspects of FISMA. This is done while allowing the Executive Office of the President to be held firmly accountable for ensuring that individual agencies meet the new standards.
H.R. 1163 expands the security requirements of federal agencies, and directs senior agency officials—with a frequency sufficient to support risk-based security decisions—to 1) test and evaluate information security controls, and 2) conduct threat assessments by monitoring information systems and identifying potential vulnerabilities. Current law requires only periodic testing and evaluation.
H.R. 1163 directs agencies to collaborate with OMB and appropriate public and private sector security operations centers on security incidents that go beyond the control of an agency. The bill also requires that security incidents be reported, through an automated and continuous monitoring capability when possible, to the federal information security incident center, appropriate security operations centers, and agency Inspector General.
The bill requires the head of each agency to designate a Chief Information Security Officer, who has the authority and primary responsibility to develop, implement and oversee an agency-wide information security program, to ensure and enforce compliance with the requirements imposed on the agency. This designation is already made by some agencies, but H.R. 1163 would make it uniform across the federal government.
The CBO estimates that implementing H.R. 1163 would cost $620 million over the 2014-2018 period, assuming that the necessary amounts are made available from appropriated funds. Enacting the bill would not affect direct spending or revenues; therefore, pay-as-you-go procedures do not apply. For more information, see CBO’s cost estimate on H.R. 1163.
The House Democratic Caucus does not provide summaries of bills.
So, yes, we display the House Republican Conference’s summaries when available even if we do not have a Democratic summary available. That’s because we feel it is better to give you as much information as possible, even if we cannot provide every viewpoint.
We’ll be looking for a source of summaries from the other side in the meantime.
The bill contains the following citations to other parts of U.S. law:
Slip laws refer to enacted bills and joint resolutions in their original form as enacted by Congress, that is, before other laws amend them. Slip laws are cited as “Public Law XXX-YYY”, where XXX is the number of the Congress in which the bill or resolution was introduced.
The United States Code is the compilation of permanent laws enacted by Congress. Temporary and other non-permanent laws do not appear in the United States Code. (About half of the United States Code is the law itself, called positive law. The other half is merely a compilation of the laws but has no legal significance.)