42 U.S.C. § 300g–10 — Cybersecurity support for public water systems
Verified against govinfo.gov as of June 20, 2026View official text on govinfo.gov ↗
- (a)DefinitionsIn this section:
- (1)Appropriate Congressional committeesThe term “appropriate Congressional committees” means—
- (2)DirectorThe term “Director” means the Director of the Cybersecurity and Infrastructure Security Agency.
- (3)IncidentThe term “incident” has the meaning given the term in section 3552 of title 44.
- (4)Prioritization FrameworkThe term “Prioritization Framework” means the prioritization framework developed by the Administrator under subsection (b)(1)(A).
- (5)Support PlanThe term “Support Plan” means the Technical Cybersecurity Support Plan developed by the Administrator under subsection (b)(2)(A).
- (b)Identification of and support for public water systems
- (1)Prioritization Framework
- (A)In generalNot later than 180 days after November 15, 2021, the Administrator, in coordination with the Director, shall develop a prioritization framework to identify public water systems (including sources of water for those public water systems) that, if degraded or rendered inoperable due to an incident, would lead to significant impacts on the health and safety of the public.
- (B)ConsiderationsIn developing the Prioritization Framework, to the extent practicable, the Administrator shall incorporate consideration of—
- (i)whether cybersecurity vulnerabilities for a public water system have been identified under section 300i–2 of this title;
- (ii)the capacity of a public water system to remediate a cybersecurity vulnerability without additional Federal support;
- (iii)whether a public water system serves a defense installation or critical national security asset; and
- (iv)whether a public water system, if degraded or rendered inoperable due to an incident, would cause a cascading failure of other critical infrastructure.
- (2)Technical Cybersecurity Support Plan
- (A)In generalNot later than 270 days after November 15, 2021, the Administrator, in coordination with the Director and using existing authorities of the Administrator and the Director for providing voluntary support to public water systems and the Prioritization Framework, shall develop a Technical Cybersecurity Support Plan for public water systems.
- (B)RequirementsThe Support Plan—
- (i)shall establish a methodology for identifying specific public water systems for which cybersecurity support should be prioritized;
- (ii)shall establish timelines for making voluntary technical support for cybersecurity available to specific public water systems;
- (iii)may include public water systems identified by the Administrator, in coordination with the Director, as needing technical support for cybersecurity;
- (iv)shall include specific capabilities of the Administrator and the Director that may be utilized to provide support to public water systems under the Support Plan, including—
- (v)shall only include plans for providing voluntary support to public water systems.
- (3)Consultation requiredIn developing the Prioritization Framework pursuant to paragraph (1) and the Support Plan pursuant to paragraph (2), the Administrator shall consult with such Federal or non-Federal entities as determined to be appropriate by the Administrator.
- (4)Reports required
- (A)Prioritization FrameworkNot later than 190 days after November 15, 2021, the Administrator shall submit to the appropriate Congressional committees a report describing the Prioritization Framework.
- (B)Technical Cybersecurity Support PlanNot later than 280 days after November 15, 2021, the Administrator shall submit to the appropriate Congressional committees—
- (1)Prioritization Framework
- (c)Rules of constructionNothing in this section—