|
The
Cyber Security Research and Development Act of 2009
The U.S. House of Representatives overwhelmingly
February 4 approved a cybersecurity bill that calls for beefing up
training, research, and coordination so the government can be better
prepared to deal with cyberattacks. The Cyber Security Research and
Development Act of 2009, which passed by a vote of 422 to 5,
authorizes the National Institute of Standards and Technology to
develop a cybersecurity education program that can help consumers,
businesses, and government workers keep their computers secure.
Attached
full text HR 4061 as passed
Below Standards text
H.R.4061
Cybersecurity
Enhancement Act of 2010 (Engrossed as Agreed to or Passed by House)
TITLE II--ADVANCEMENT OF
CYBERSECURITY TECHNICAL STANDARDS
SEC. 201. DEFINITIONS.
(1) DIRECTOR- The term `Director' means the Director of the
National Institute of Standards and Technology.
(2) INSTITUTE- The term `Institute' means the National Institute
of Standards and Technology.
SEC. 202. INTERNATIONAL CYBERSECURITY
TECHNICAL STANDARDS.
The Director, in coordination with appropriate Federal
authorities, shall--
(1) ensure coordination of United States Government
representation in the international development of technical
standards related to cybersecurity; and
(2) not later than 1 year after the date of enactment of this
Act, develop and transmit to the Congress a proactive plan to
engage international standards bodies with respect to the
development of technical standards related to cybersecurity.
SEC. 203. PROMOTING CYBERSECURITY AWARENESS
AND EDUCATION.
(a) Program- The Director, in collaboration with relevant Federal
agencies, industry, educational institutions, and other
organizations, shall develop and implement a cybersecurity
awareness and education program to increase public awareness,
including among children and young adults, of cybersecurity risks,
consequences, and best practices through--
(1) the widespread dissemination of cybersecurity technical
standards and best practices identified by the Institute; and
(2) efforts to make cybersecurity technical standards and best
practices usable by individuals, small to medium-sized
businesses, State, local, and tribal governments, and
educational institutions, especially with respect to novice
computer users, elderly populations, low-income populations, and
populations in areas of planned broadband expansion or
deployment.
(b) Workshops- In carrying out activities under subsection (a)(1),
the Institute is authorized to host regional workshops to provide
an overview of cybersecurity risks and best practices to
businesses, State, local, and tribal governments, and educational
institutions.
(c) Manufacturing Extension Partnership- The Director shall, to
the extent appropriate, implement subsection (a) through the
Manufacturing Extension Partnership program under section 25 of
the National Institute of Standards and Technology Act (15 U.S.C.
278k).
(d) Report to Congress- Not later than 90 days after the date of
enactment of this Act, the Director shall transmit to the Congress
a report containing a strategy for implementation of this section.
SEC. 204. IDENTITY MANAGEMENT RESEARCH AND
DEVELOPMENT.
The Director shall establish a program to support the development
of technical standards, metrology, testbeds, and conformance
criteria, taking into account appropriate user concerns, to--
(1) improve interoperability among identity management
technologies;
(2) strengthen authentication methods of identity management
systems;
(3) improve privacy protection in identity management systems,
including health information technology systems, through
authentication and security protocols; and
(4) improve the usability of identity management systems.
SEC. 205. PRACTICES AND STANDARDS.
The National Institute of Standards and
Technology shall work with other Federal, State, and private
sector partners, as appropriate, to develop a framework that
States may follow in order to achieve effective cybersecurity
practices in a timely and cost-effective manner.
Passed the House of Representatives February
4, 2010.
|
|
