U.S Code last checked for updates: Sep 29, 2023
§ 1522.
Advanced internal defenses
(a)
Advanced network security tools
(1)
In general

The Secretary shall include, in the efforts of the Department to continuously diagnose and mitigate cybersecurity risks, advanced network security tools to improve visibility of network activity, including through the use of commercial and free or open source tools, and to detect and mitigate intrusions and anomalous activity.

(2)
Development of plan

The Director shall develop and the Secretary shall implement a plan to ensure that each agency utilizes advanced network security tools, including those described in paragraph (1), to detect and mitigate intrusions and anomalous activity.

(b)
Prioritizing advanced security tools
The Director and the Secretary, in consultation with appropriate agencies, shall—
(1)
review and update Government-wide policies and programs to ensure appropriate prioritization and use of network security monitoring tools within agency networks; and
(2)
brief appropriate congressional committees on such prioritization and use.
(c)
Improved metrics

The Secretary, in collaboration with the Director, shall review and update the metrics used to measure security under section 3554 of title 44 to include measures of intrusion and incident detection and response times.

(d)
Transparency and accountability

The Director, in consultation with the Secretary, shall increase transparency to the public on agency cybersecurity posture, including by increasing the number of metrics available on Federal Government performance websites and, to the greatest extent practicable, displaying metrics for department components, small agencies, and micro-agencies.

(e)
Omitted
(f)
Exception

The requirements under this section shall not apply to the Department of Defense, a national security system, or an element of the intelligence community.

(Pub. L. 114–113, div. N, title II, § 224, Dec. 18, 2015, 129 Stat. 2967.)
cite as: 6 USC 1522