H.R.7327 - Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act115th Congress (2017-2018)
|Sponsor:||Rep. Hurd, Will [R-TX-23] (Introduced 12/19/2018)|
|Committees:||House - Oversight and Government; Homeland Security|
|Latest Action:||12/21/2018 Became Public Law No: 115-390. (TXT | PDF) (All Actions)|
|Roll Call Votes:||There has been 1 roll call vote|
This bill has the status Became Law
Here are the steps for Status of Legislation:
- Passed House
- Passed Senate
- To President
- Became Law
Summary: H.R.7327 — 115th Congress (2017-2018)All Information (Except Text)
Public Law No: 115-390 (12/21/2018)
Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act or the SECURE Technology Act
TITLE I--DEPARTMENT OF HOMELAND SECURITY INFORMATION SECURITY AND OTHER MATTERS
(Sec. 101) This bill directs the Department of Homeland Security (DHS) to: (1) establish a policy applicable to individuals, organizations, and companies to report security vulnerabilities on DHS information systems; and (2) develop a process to address the mitigation or remediation of the vulnerabilities reported. DHS shall make such policy publicly available and submit a copy to Congress with the required remediation process.
(Sec. 102) DHS shall establish, within the Office of the Chief Information Officer, a bug bounty pilot program to minimize security vulnerabilities.
"Bug bounty program" means a program under which: (1) individuals, organizations, and companies are temporarily authorized to identify and report vulnerabilities of DHS information systems; and (2) eligible individuals, organizations, and companies receive compensation in exchange for such reports.
TITLE II--FEDERAL ACQUISITION SUPPLY CHAIN SECURITY
Federal Acquisition Supply Chain Security Act of 2018
(Sec. 202) This bill establishes a Federal Acquisition Security Council. The council shall: (1) identify and recommend development of supply chain risk management standards, guidelines, and practices for assessing and developing mitigation strategies to address supply chain risks; and (2) develop a strategic plan for addressing supply chain risks posed by the acquisition of certain technology and equipment (covered articles).
(Sec. 203) The bill sets forth standards for executive agencies in assessing supply chain risks and extends to such agencies authorities for mitigating supply chain risks in the procurement of covered articles.
(Sec. 204) The bill adds agency responsibilities relating to assessing and avoiding, mitigating, transferring, or accepting supply chain risks and complying with exclusion and removal orders.