View all text of Subchapter I [§ 4101 - § 4112]

§ 4112. Requirement for information sharing agreements
(a) Short title
(b) FindingsCongress finds the following:
(1) The legislative branch, as a separate and equal branch of the United States Government, is a target of adversary cyber actors and intelligence services.
(2) The legislative branch relies on the executive branch to provide timely and urgent tactical and operational information to ensure that Congress can protect the constitutional officers, personnel, and facilities of Congress and the institution of Congress more broadly.
(3) The legislative branch currently is not receiving this information in a timely manner nor as a matter of course.
(c) DefinitionsIn this section—
(1) the term “congressional leadership” means—
(A) the Majority and Minority Leader of the Senate with respect to an agreement with the Sergeant at Arms and Doorkeeper of the Senate or the Secretary of the Senate; and
(B) the Speaker and Minority Leader of the House of Representatives with respect to an agreement with the Chief Administrative Officer of the House of Representatives or the Sergeant at Arms of the House of Representatives; and
(2) the terms “cybersecurity threat” and “security vulnerability” have the meanings given those terms in section 650 of title 6, as added by section 5171 1
1 See References in Text note below.
of this division.
(d) Requirement
(1) Designation
(A) In generalNot later than 30 days after December 23, 2022, the President shall designate—
(i) an individual appointed by the President, by and with the advice and consent of the Senate, to serve as a single point of contact to the legislative branch on matters related to tactical and operational cybersecurity threats and security vulnerabilities; and
(ii) an individual appointed by the President, by and with the advice and consent of the Senate, to serve as a single point of contact to the legislative branch on matters related to tactical and operational counterintelligence.
(B) Coordination
(2) Information sharing agreements
(A) In generalNot later than 90 days after December 23, 2022, the individuals designated by the President under paragraph (1)(A) shall enter into 1 or more information sharing agreements with—
(i) the Sergeant at Arms and Doorkeeper of the Senate with respect to cybersecurity information sharing, subject to the approval of congressional leadership and in consultation with the chairman and the ranking minority member of the Committee on Rules and Administration of the Senate;
(ii) the Secretary of the Senate with respect to counterintelligence information sharing, subject to the approval of congressional leadership and in consultation with the chairman and ranking minority member of the Committee on Rules and Administration of the Senate;
(iii) the Chief Administrative Officer of the House of Representatives with respect to cybersecurity information sharing, subject to the approval of the chair of the Committee on House Administration of the House of Representatives and in consultation with the ranking minority member of the committee and congressional leadership; and
(iv) the Sergeant at Arms of the House of Representatives with respect to counterintelligence information sharing, subject to the approval of the chair of the Committee on House Administration of the House of Representatives and in consultation with the ranking minority member of the committee and congressional leadership.
(B) Purpose
(3) Implementation
(e) Elements
(1) In generalThe parties to an information sharing agreement under subsection (d)(2) shall jointly develop such elements of the agreement as the parties find appropriate, which—
(A) with respect to an agreement covered by subsection (d)(2)(A)(i) or (ii), shall, at a minimum, include the applicable elements specified in paragraph (2); and
(B) with respect to an agreement covered by subsection (d)(2)(A)(iii) or (iv), may include the applicable elements specified in paragraph (2).
(2) Elements specifiedThe elements specified in this paragraph are—
(A) direct and timely sharing of technical indicators and contextual information on cyber threats and security vulnerabilities, and the means for such sharing;
(B) direct and timely sharing of counterintelligence threats and vulnerabilities, including trends of counterintelligence activity, and the means for such sharing;
(C) identification, by position, of the officials at the operational and tactical level responsible for daily management of the agreement;
(D) the ability to seat cybersecurity personnel of the Office of the Sergeant at Arms and Doorkeeper of the Senate or the Office of the Chief Administrative Officer of the House of Representatives at cybersecurity operations centers within the executive branch; and
any other elements the parties find appropriate.
(Pub. L. 117–263, div. G, title LXXII, § 7201, Dec. 23, 2022, 136 Stat. 3665.)