H.R. 1163: Federal Information Security Amendments Act of 2013

Mar 14, 2013
Passed House
28% chance of being enacted
Track this bill
Darrell Issa
Representative for California's 49th congressional district
Read Text »
Last Updated
Apr 17, 2013
27 pages
Related Bills
H.R. 4257 (112th) was a previous version of this bill.

Passed House
Last Action: Apr 26, 2012

H.R. 3032 (Related)
Executive Cyberspace Coordination Act of 2013

Referred to Committee
Last Action: Aug 02, 2013


This bill passed in the House on April 16, 2013 and goes to the Senate next for consideration.

Introduced Mar 14, 2013
Referred to Committee Mar 14, 2013
Reported by Committee Mar 20, 2013
Passed House Apr 16, 2013
Passed Senate ...
Signed by the President ...

28% chance of being enacted.

Only about 23% of bills that made it past committee in 2011–2013 were enacted. [show factors | methodology]

Full Title

To amend chapter 35 of title 44, United States Code, to revise requirements relating to Federal information security, and for other purposes.


No summaries available.

On Motion to Suspend the Rules and Pass
Apr 16, 2013 2:05 p.m.
Passed 416/0

5 cosponsors (3D, 2R) (show)

House Homeland Security

House Oversight and Government Reform

Senate Homeland Security and Governmental Affairs

The committee chair determines whether a bill will move past the committee stage.

Primary Source

THOMAS.gov (The Library of Congress)

GovTrack gets most information from THOMAS, which is updated generally one day after events occur. Activity since the last update may not be reflected here. Data comes via the congress project.


Get a bill status widget for your website »


Click a format for a citation suggestion:


H.R. stands for House of Representatives bill.

A bill must be passed by both the House and Senate in identical form and then be signed by the president to become law.

The bill’s title was written by its sponsor.

GovTrack’s Bill Summary

We don’t have a summary available yet.

Library of Congress Summary

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress.

4/16/2013--Reported to House amended.
Federal Information Security Amendments Act of 2013 -
Section 2 -
Amends the Federal Information Security Management Act of 2002 (FISMA) to reestablish the oversight authority of the Director of the Office of Management and Budget (OMB) with respect to agency information and security policies and practices.
Extends the security requirements of federal agencies to include responsibilities for:
(1) complying with computer standards developed by the National Institute of Standards and Technology (NIST);
(2) ensuring complementary and uniform standards for information systems and national security systems;
(3) ensuring that information security management processes are integrated with budget processes;
(4) securing facilities for classified information;
(5) maintaining sufficient personnel with security clearances; and
(6) ensuring that information security performance indicators are included in the annual performance evaluations of all managers, senior managers, senior executive service personnel, and political appointees.
Directs senior agency officials, with a frequency sufficient to support risk-based security decisions, to: (1) test and evaluate information security controls and techniques, and (2) conduct threat assessments by monitoring information systems and identifying potential system vulnerabilities. (Current law requires only periodic testing and evaluation.)
Defines "information system" as a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. Includes in such definition: (1) computers and computer networks; (2) ancillary equipment; (3) software, firmware, and related procedures; (4) support services; and (5) related resources and services.
Directs agencies to determine information security levels in accordance with information security classifications and standards promulgated under the National Institute of Standards and Technology Act.
Directs agencies to collaborate with OMB and appropriate public and private sector security operations centers on security incidents that extend beyond the control of an agency. Requires that security incidents be reported, through an automated and continuous monitoring capability, when possible, to the federal information security incident center (the incident center), appropriate security operations centers, and agency Inspector General.
Directs agencies to conduct vulnerability assessments and penetration tests commensurate with the risk posed to agency information systems.
Requires each agency to delegate to its Chief Information Officer the authority and primary responsibility for developing, implementing, and overseeing an agencywide information security (AIS) program.
Directs agencies to implement an OMB-approved AIS program that is consistent with components across and within agencies.
Requires that such program include automated and continuous monitoring, when possible, to:
(1) mitigate risks associated with security incidents before substantial damage is done; and
(2) notify and consult with the incident center, appropriate security operations response centers, law enforcement agencies, Inspectors General, and other entities or as directed by the President.
Directs the OMB Director to review and approve information security policies and procedures to ensure that the incident center has the capability to detect, correlate, and respond to incidents that impair the security of multiple agencies' information systems. Requires the capability, where practicable, to be continuous and technically automated.
Section 4 -
Specifies that no additional funds are authorized for agencies to carry out their responsibilities under this Act. Requires agencies to carry out such responsibilities using amounts otherwise authorized or appropriated.

House Republican Conference Summary

The summary below was written by the House Republican Conference, which is the caucus of Republicans in the House of Representatives.

No summary available.

House Democratic Caucus Summary

The House Democratic Caucus does not provide summaries of bills.

So, yes, we display the House Republican Conference’s summaries when available even if we do not have a Democratic summary available. That’s because we feel it is better to give you as much information as possible, even if we cannot provide every viewpoint.

We’ll be looking for a source of summaries from the other side in the meanwhile.

Use the comment space below for discussion of the merits of H.R. 1163 with other GovTrack users.
Your comments are not read by Congressional staff.

comments powered by Disqus