[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5786 Introduced in House (IH)]

<DOC>






118th CONGRESS
  1st Session
                                H. R. 5786

    To establish in the National Nuclear Security Administration a 
Cybersecurity Risk Inventory, Assessment, and Mitigation Working Group.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           September 28, 2023

Mr. Carbajal (for himself, Mr. Bacon, and Mr. Gallagher) introduced the 
 following bill; which was referred to the Committee on Armed Services

_______________________________________________________________________

                                 A BILL


 
    To establish in the National Nuclear Security Administration a 
Cybersecurity Risk Inventory, Assessment, and Mitigation Working Group.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. CYBERSECURITY RISK INVENTORY, ASSESSMENT, AND MITIGATION 
              WORKING GROUP.

    Subtitle A of title XXXII of the National Defense Authorization Act 
for Fiscal Year 2000 (Public Law 106-65) is amended by adding at the 
end the following new section:

``SEC. 3222. CYBERSECURITY RISK INVENTORY, ASSESSMENT, AND MITIGATION 
              WORKING GROUP.

    ``(a) Establishment.--There is in the Administration a working 
group, to be known as the `Cybersecurity Risk Inventory, Assessment, 
and Mitigation Working Group'.
    ``(b) Membership.--Members of the working group shall include the 
Deputy Administrator for Defense Programs, the Associate Administrator 
for Information Management and Chief Information Officer, and staff 
from other offices as determined appropriate by the Deputy 
Administrator and Associate Administrator.
    ``(c) Comprehensive Strategy.--The working group shall prepare a 
comprehensive strategy for inventorying the range of National Nuclear 
Security Administration systems that are potentially at risk in the 
operational technology and nuclear weapons information technology 
environments, assessing the systems at risk, and implementing risk 
mitigation actions. Such strategy shall incorporate key elements of 
effective cybersecurity risk management strategies, as identified by 
the Government Accountability Office, including the specification of--
            ``(1) goals, objectives, activities, and performance 
        measures;
            ``(2) organizational roles, responsibilities, and 
        coordination;
            ``(3) necessary resources needed to implement the strategy 
        over the next ten years; and
            ``(4) detailed milestones and schedules for completion of 
        tasks.
    ``(d) Submission to Congress.--
            ``(1) Briefing.--Not later than 120 days after the date of 
        the enactment of this Act, the members of the working group 
        shall provide to the congressional defense committees a 
        briefing on the plan of the working group plan to develop the 
        strategy required under subsection (c).
            ``(2) Submission of strategy.--Not later than April 1, 
        2025, the working group shall submit the congressional defense 
        committees a copy of the completed strategy.
    ``(e) Termination.--The working group shall terminate on the date 
that is five years after the date of the enactment of this section.''.
                                 <all>