42 U.S.C. § 18935

Current through P.L. 118-107 (published on www.congress.gov on 11/21/2024)
Section 18935 - Dissemination of resources for research institutions
(a) Dissemination of resources for research institutions
(1) In general

Not later than one year after August 9, 2022, the Director shall, using the authorities of the Director under subsections (c)(15) and (e)(1)(A)(ix) of section 272 of title 15, disseminate and make publicly available tailored resources to help qualifying institutions identify, assess, manage, and reduce their cybersecurity risk related to conducting research.

(2) Requirements

The Director shall ensure that the resources disseminated pursuant to paragraph (1)-

(A) are generally applicable and usable by a wide range of qualifying institutions;
(B) vary with the nature and size of the qualifying institutions, and the nature and sensitivity of the data collected or stored on the information systems or devices of the qualifying institutions;
(C) include elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships, to assist qualifying institutions in mitigating common cybersecurity risks;
(D) include case studies, examples, and scenarios of practical application;
(E) are outcomes-based and can be implemented using a variety of technologies that are commercial and off-the-shelf; and
(F) to the extent practicable, are based on international technical standards.
(3) National cybersecurity awareness and education program

The Director shall ensure that the resources disseminated under paragraph (1) are consistent with the efforts of the Director under section 7443 of title 15.

(4) Updates

The Director shall review periodically and update the resources under paragraph (1) as the Director determines appropriate.

(5) Voluntary resources

The use of the resources disseminated under paragraph (1) shall be considered voluntary.

(b) Other Federal cybersecurity requirements

Nothing in this section may be construed to supersede, alter, or otherwise affect any cybersecurity requirements applicable to Federal agencies.

(c) Definitions

In this section:

(1) Qualifying institutions

The term "qualifying institutions" means institutions of higher education that are awarded in excess of $50,000,000 per year in total Federal research funding.

(2) Resources

The term "resources" means guidelines, tools, best practices, technical standards, methodologies, and other ways of providing information.

42 U.S.C. § 18935

Pub. L. 117-167, div. B, title II, §102290229,, 136 Stat. 1481.
practices
The term "practices" means design, financing, permitting, construction, commissioning, operation and maintenance, and other practices that contribute to achieving zero-net-energy buildings or facilities.