6 U.S.C. § 661 — Cybersecurity strategy
Verified against govinfo.gov as of June 20, 2026View official text on govinfo.gov ↗
- (a)In generalNot later than 90 days after December 23, 2016, the Secretary shall develop a departmental strategy to carry out cybersecurity responsibilities as set forth in law.
- (b)ContentsThe strategy required under subsection (a) shall include the following:
- (1)Strategic and operational goals and priorities to successfully execute the full range of the Secretary’s cybersecurity responsibilities.
- (2)Information on the programs, policies, and activities that are required to successfully execute the full range of the Secretary’s cybersecurity responsibilities, including programs, policies, and activities in furtherance of the following:
- (c)ConsiderationsIn developing the strategy required under subsection (a), the Secretary shall—
- (d)Implementation planNot later than 90 days after the development of the strategy required under subsection (a), the Secretary shall issue an implementation plan for the strategy that includes the following:
- (e)Congressional oversightThe Secretary shall submit to Congress for assessment the following:
- (f)Classified informationThe strategy required under subsection (a) shall be in an unclassified form but may contain a classified annex.
- (g)Rule of constructionNothing in this section may be construed as permitting the Department to engage in monitoring, surveillance, exfiltration, or other collection activities for the purpose of tracking an individual’s personally identifiable information.