View all text of Part A [§ 18931 - § 18940]
§ 18935. Dissemination of resources for research institutions
(a) Dissemination of resources for research institutions
(1) In general
(2) Requirements
The Director shall ensure that the resources disseminated pursuant to paragraph (1)—
(A) are generally applicable and usable by a wide range of qualifying institutions;
(B) vary with the nature and size of the qualifying institutions, and the nature and sensitivity of the data collected or stored on the information systems or devices of the qualifying institutions;
(C) include elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships, to assist qualifying institutions in mitigating common cybersecurity risks;
(D) include case studies, examples, and scenarios of practical application;
(E) are outcomes-based and can be implemented using a variety of technologies that are commercial and off-the-shelf; and
(F) to the extent practicable, are based on international technical standards.
(3) National cybersecurity awareness and education program
(4) Updates
(5) Voluntary resources
(b) Other Federal cybersecurity requirements
(c) Definitions
In this section:
(1) Qualifying institutions
(2) Resources
(Pub. L. 117–167, div. B, title II, § 10229, Aug. 9, 2022, 136 Stat. 1481.)