Summary: H.R.7327 — 115th Congress (2017-2018)

Bill summaries are authored by CRS.

Public Law No: 115-390 (12/21/2018)

Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act or the SECURE Technology Act

TITLE I--DEPARTMENT OF HOMELAND SECURITY INFORMATION SECURITY AND OTHER MATTERS

(Sec. 101) This bill directs the Department of Homeland Security (DHS) to: (1) establish a policy applicable to individuals, organizations, and companies to report security vulnerabilities on DHS information systems; and (2) develop a process to address the mitigation or remediation of the vulnerabilities reported. DHS shall make such policy publicly available and submit a copy to Congress with the required remediation process.

(Sec. 102) DHS shall establish, within the Office of the Chief Information Officer, a bug bounty pilot program to minimize security vulnerabilities.

"Bug bounty program" means a program under which: (1) individuals, organizations, and companies are temporarily authorized to identify and report vulnerabilities of DHS information systems; and (2) eligible individuals, organizations, and companies receive compensation in exchange for such reports.

TITLE II--FEDERAL ACQUISITION SUPPLY CHAIN SECURITY

Federal Acquisition Supply Chain Security Act of 2018

(Sec. 202) This bill establishes a Federal Acquisition Security Council. The council shall: (1) identify and recommend development of supply chain risk management standards, guidelines, and practices for assessing and developing mitigation strategies to address supply chain risks; and (2) develop a strategic plan for addressing supply chain risks posed by the acquisition of certain technology and equipment (covered articles).

(Sec. 203) The bill sets forth standards for executive agencies in assessing supply chain risks and extends to such agencies authorities for mitigating supply chain risks in the procurement of covered articles.

(Sec. 204) The bill adds agency responsibilities relating to assessing and avoiding, mitigating, transferring, or accepting supply chain risks and complying with exclusion and removal orders.