
H.R. 3462 (117th): SBA Cyber Awareness Act

The text of the bill below is as of Dec 2, 2022 (Preprint (Suspension)).

In the Senate of the United States,
September 28, 2022.

Resolved, That the bill from the House of Representatives (H.R. 3462) entitled “An Act to require an annual report on the cybersecurity of the Small Business Administration, and for other purposes.”, do pass with the following

         Strike out all after the enacting clause and insert:

This Act may be cited as the “SBA Cyber Awareness Act”.

(a) IN GENERAL.—Section 10 of the Small Business Act (15 U.S.C. 639) is amended by inserting after subsection (a) the following:

  “(1) ANNUAL REPORT.—Not later than 180 days after the date of enactment of this subsection, and every year thereafter, the Administrator shall submit a report to the appropriate congressional committees that includes—

    “(A) a strategy to increase the cybersecurity of information technology infrastructure of the Administration;

    “(B) a supply chain risk management strategy and an implementation plan to address the risks of foreign manufactured information technology equipment utilized by the Administration, including specific risk mitigation activities for components originating from entities with principal places of business located in the People’s Republic of China; and

    “(C) an account of—

      “(i) any incident that occurred at the Administration during the 2-year period preceding the date on which the first report is submitted, and, for subsequent reports, the 1-year period preceding the date of submission; and

      “(ii) any action taken by the Administrator to respond to or remediate any such incident.

  “(2) FISMA REPORTS.—Each report required under paragraph (1) may be submitted as part of the report required under section 3554 of title 44, United States Code.

  “(3) RULE OF CONSTRUCTION.—Nothing in this subsection shall be construed to affect the reporting requirements of the Administrator under chapter 35 of title 44, United States Code, in particular the requirement to notify the Federal information security incident center under section 3554(b)(7)(C)(ii) of such title, any guidance issued by the Office of Management and Budget, or any other provision of law or Federal policy.

  “(4) DEFINITIONS.—In this subsection:

    “(A) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term ‘appropriate congressional committees’ means—

      “(i) the Committee on Small Business and Entrepreneurship of the Senate;

      “(ii) the Committee on Homeland Security and Governmental Affairs of the Senate;

      “(iii) the Committee on Small Business of the House of Representatives; and

      “(iv) the Committee on Oversight and Reform of the House of Representatives.

    “(B) INCIDENT.—The term ‘incident’ has the meaning given the term in section 3552 of title 44, United States Code.

    “(C) INFORMATION TECHNOLOGY.—The term ‘information technology’ has the meaning given the term in section 3502 of title 44, United States Code.”.

(b) REPORT.—Not later than 1 year after the date of enactment of this Act, the Administrator of the Small Business Administration shall, to the greatest extent practicable, provide to the Committee on Small Business and Entrepreneurship of the Senate, the Committee on Homeland Security and Governmental Affairs of the Senate, the Committee on Small Business of the House of Representatives, and the Committee on Oversight and Reform of the House of Representatives a detailed account of information technology (as defined in section 3502 of title 44, United States Code) of the Small Business Administration that was manufactured by an entity that has its principal place of business located in the People’s Republic of China.

Attest:
Secretary.

† HR 3462 EAS