Except as otherwise specifically provided, in this subchapter:
The term "Agency" means the Cybersecurity and Infrastructure Security Agency.
The term "appropriate congressional committees" means-
The term "cloud service provider" means an entity offering products or services related to cloud computing, as defined by the National Institute of Standards and Technology in NIST Special Publication 800-145 and any amendatory or superseding document relating thereto.
The term "critical infrastructure information" means information not customarily in the public domain and related to the security of critical infrastructure or protected systems-
The term "cyber threat indicator" means information that is necessary to describe or identify-
The term "cybersecurity purpose" means the purpose of protecting an information system or information that is stored on, processed by, or transiting an information system from a cybersecurity threat or security vulnerability.
The term "cybersecurity risk"-
Except as provided in subparagraph (B), the term "cybersecurity threat" means an action, not protected by the First Amendment to the Constitution of the United States, on or through an information system that may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system.
The term "cybersecurity threat" does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement.
Except as provided in subparagraph (B), the term "defensive measure" means an action, device, procedure, signature, technique, or other measure applied to an information system or information that is stored on, processed by, or transiting an information system that detects, prevents, or mitigates a known or suspected cybersecurity threat or security vulnerability.
The term "defensive measure" does not include a measure that destroys, renders unusable, provides unauthorized access to, or substantially harms an information system or information stored on, processed by, or transiting such information system not owned by-
The term "Director" means the Director of the Cybersecurity and Infrastructure Security Agency.
The term "Homeland Security Enterprise" means relevant governmental and nongovernmental entities involved in homeland security, including Federal, State, local, and Tribal government officials, private sector representatives, academics, and other policy experts.
The term "incident" means an occurrence that actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information on an information system, or actually or imminently jeopardizes, without lawful authority, an information system.
The term "Information Sharing and Analysis Organization" means any formal or informal entity or collaboration created or employed by public or private sector organizations, for purposes of-
The term "information system"-
The term "intelligence community" has the meaning given the term in section 3003(4) of title 50.
The term "malicious cyber command and control" means a method for unauthorized remote identification of, access to, or use of, an information system or information that is stored on, processed by, or transiting an information system.
The term "malicious reconnaissance" 1 a method for actively probing or passively monitoring an information system for the purpose of discerning security vulnerabilities of the information system, if such method is associated with a known or suspected cybersecurity threat.
The term "managed service provider" means an entity that delivers services, such as network, application, infrastructure, or security services, via ongoing and regular support and active administration on the premises of a customer, in the data center of the entity (such as hosting), or in a third party data center.
The term "monitor" means to acquire, identify, or scan, or to possess, information that is stored on, processed by, or transiting an information system.
The term "national cybersecurity asset response activities" means-
The term "national security system" has the meaning given the term in section 11103 of title 40.
The term "ransomware attack"-
The term "Sector Risk Management Agency" means a Federal department or agency, designated by law or Presidential directive, with responsibility for providing institutional knowledge and specialized expertise of a sector, as well as leading, facilitating, or supporting programs and associated activities of its designated critical infrastructure sector in the all hazards environment in coordination with the Department.
The term "security control" means the management, operational, and technical controls used to protect against an unauthorized effort to adversely affect the confidentiality, integrity, and availability of an information system or its information.
The term "security vulnerability" means any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of a security control.
The term "sharing" (including all conjugations thereof) means providing, receiving, and disseminating (including all conjugations of each such terms).
The term "SLTT entity" means a domestic government entity that is a State government, local government, Tribal government, territorial government, or any subdivision thereof.
The term "supply chain compromise" means an incident within the supply chain of an information system that an adversary can leverage, or does leverage, to jeopardize the confidentiality, integrity, or availability of the information system or the information the system processes, stores, or transmits, and can occur at any point during the life cycle.
1 So in original. Probably should be followed by "means".
6 U.S.C. § 650
STATUTORY NOTES AND RELATED SUBSIDIARIES
RULE OF CONSTRUCTION Pub. L. 117-263, div. G, title LXXI, §7143(f), Dec. 23, 2022, 136 Stat. 3664, provided that:"(1) INTERPRETATION OF TECHNICAL CORRECTIONS.-Nothing in the amendments made by subsections (a) through (d) [enacting this section and amending sections 195f, 321l, 464, 571, 624, 651 to 652a, 655, 656, 659 to 663, 665, 665b, 665d, 665g, 665i, 671, 681, 1501, 1521, and 1524 of this title, sections 278g-3a and 648 of Title 15, Commerce and Trade, section 824s-1 of Title 16, Conservation, sections 300hh-10 and 18723 of Title 42, The Public Health and Welfare, section 70101 of Title 46, Shipping, and sections 3049a and 3371a of Title 50, War and National Defense] shall be construed to alter the authorities, responsibilities, functions, or activities of any agency (as such term is defined in section 3502 of title 44, United States Code) or officer or employee of the United States on or before the date of enactment of this Act [Dec. 23, 2022]."(2) INTERPRETATION OF REFERENCES TO DEFINITIONS.-Any reference to a term defined in the Homeland Security Act of 2002 (6 U.S.C. 101 et seq.) on the day before the date of enactment of this Act that is defined in section 2200 of that Act [6 U.S.C. 650] pursuant to the amendments made under this Act [Pub. L. 117-263 see Tables for classification] shall be deemed to be a reference to that term as defined in section 2200 of the Homeland Security Act of 2002, as added by this Act."
- Department
- The term "Department" means the Department of Homeland Security.
- State
- The term "State" means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the Virgin Islands, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and any possession of the United States.
- assets
- The term "assets" includes contracts, facilities, property, records, unobligated or unexpended balances of appropriations, and other funds or resources (other than personnel).
- functions
- The term "functions" includes authorities, powers, rights, privileges, immunities, programs, projects, activities, duties, and responsibilities.
- local government
- The term "local government" means-(A) a county, municipality, city, town, township, local public authority, school district, special district, intrastate district, council of governments (regardless of whether the council of governments is incorporated as a nonprofit corporation under State law), regional or interstate government entity, or agency or instrumentality of a local government;(B) an Indian tribe or authorized tribal organization, or in Alaska a Native village or Alaska Regional Native Corporation; and(C) a rural community, unincorporated town or village, or other public entity.
- terrorism
- The term "terrorism" means any activity that-(A) involves an act that-(i) is dangerous to human life or potentially destructive of critical infrastructure or key resources; and(ii) is a violation of the criminal laws of the United States or of any State or other subdivision of the United States; and(B) appears to be intended-(i) to intimidate or coerce a civilian population;(ii) to influence the policy of a government by intimidation or coercion; or(iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping.
- Agency
- the term "Agency" means the Federal Emergency Management Agency;
- tribal government
- the term "tribal government" means the government of an Indian tribe or authorized tribal organization, or in Alaska a Native village or Alaska Regional Native Corporation.1 See References in Text note below.