(a) Definitions
In this section—
(1) the term "agency information system" means an information system used or operated by an agency or by another entity on behalf of an agency;
(2) the terms "cybersecurity risk" and "information system" have the meanings given those terms in section 659 of this title;
(3) the term "intelligence community" has the meaning given the term in section 3003(4) of title 50; and
(4) the term "national security system" has the meaning given the term in section 11103 of title 40.
(b) Intrusion assessment plan
(1) Requirement
The Secretary, in coordination with the Director of the Office of Management and Budget, shall—
(A) develop and implement an intrusion assessment plan to proactively detect, identify, and remove intruders in agency information systems on a routine basis; and
(B) update such plan as necessary.
(2) Exception
The intrusion assessment plan required under paragraph (1) shall not apply to the Department of Defense, a national security system, or an element of the intelligence community.
(c) Cyber incident response plan
The Director of Cybersecurity and Infrastructure Security shall, in coordination with appropriate Federal departments and agencies, State and local governments, sector coordinating councils, information sharing and analysis organizations (as defined in section 671(5) of this title), owners and operators of critical infrastructure, and other appropriate entities and individuals, develop, regularly update, maintain, and exercise adaptable cyber incident response plans to address cybersecurity risks (as defined in section 659 of this title) to critical infrastructure.
(d) National Response Framework
The Secretary, in coordination with the heads of other appropriate Federal departments and agencies, and in accordance with the National Cybersecurity Incident Response Plan required under subsection (c), shall regularly update, maintain, and exercise the Cyber Incident Annex to the National Response Framework of the Department.
Editorial Notes
Codification
Section was formerly classified to section 149 of this title prior to renumbering by Pub. L. 115–278.
Former section 149 of this title, which was transferred and redesignated as subsec. (c) of this section by Pub. L. 114–113, div. N, title II, §223(a)(2), Dec. 18, 2015, 129 Stat. 2963, was based on Pub. L. 107–296, title II, §227, as added by Pub. L. 113–282, §7(a), Dec. 18, 2014, 128 Stat. 3070.
Amendments
2018—Subsec. (a)(2). Pub. L. 115–278, §2(g)(9)(A)(iv)(I), substituted "section 659 of this title" for "section 148 of this title".
Subsec. (c). Pub. L. 115–278, §2(g)(9)(A)(iv), substituted "Director of Cybersecurity and Infrastructure Security" for "Under Secretary appointed under section 113(a)(1)(H) of this title", "section 671(5) of this title" for "section 131(5) of this title", and "section 659 of this title" for "section 148 of this title".
2015—Subsec. (c). Pub. L. 114–113, §223(a)(5), made technical amendment to reference in original act which appears in text as reference to section 148 of this title.
Pub. L. 114–113, §223(a)(2), transferred former section 149 of this title to subsec. (c) of this section. See Codification note above.
Subsec. (d). Pub. L. 114–113, §205, added subsec. (d).
Statutory Notes and Related Subsidiaries
Rule of Construction
Pub. L. 113–282, §7(c), Dec. 18, 2014, 128 Stat. 3072, provided that: "Nothing in the amendment made by subsection (a) [enacting subsec. (c) of this section and section 150 of this title] or in subsection (b)(1) [formerly classified as a note under section 3543 of Title 44, Public Printing and Documents, see now section 2(d)(1) of Pub. L. 113–283, set out as a note under section 3553 of Title 44] shall be construed to alter any authority of a Federal agency or department."