View all text of Subchapter I [§ 3301 - § 3316c]

§ 3316a. Reports on intelligence community participation in vulnerabilities equities process of Federal Government
(a) DefinitionsIn this section:
(1) Vulnerabilities Equities Policy and Process document
(2) Vulnerabilities Equities Process
(3) Vulnerability
(b) Reports on process and criteria under Vulnerabilities Equities Policy and Process
(1) In generalNot later than 90 days after December 20, 2019, the Director of National Intelligence shall submit to the congressional intelligence committees a written report describing—
(A) with respect to each element of the intelligence community—
(i) the title of the official or officials responsible for determining whether, pursuant to criteria contained in the Vulnerabilities Equities Policy and Process document or any successor document, a vulnerability must be submitted for review under the Vulnerabilities Equities Process; and
(ii) the process used by such element to make such determination; and
(B) the roles or responsibilities of that element during a review of a vulnerability submitted to the Vulnerabilities Equities Process.
(2) Changes to process or criteria
(3) Form of reports
(c) Annual reports
(1) In generalNot less frequently than once each calendar year, the Director of National Intelligence shall submit to the congressional intelligence committees a classified report containing, with respect to the previous year—
(A) the number of vulnerabilities submitted for review under the Vulnerabilities Equities Process;
(B) the number of vulnerabilities described in subparagraph (A) disclosed to each vendor responsible for correcting the vulnerability, or to the public, pursuant to the Vulnerabilities Equities Process; and
(C) the aggregate number, by category, of the vulnerabilities excluded from review under the Vulnerabilities Equities Process, as described in paragraph 5.4 of the Vulnerabilities Equities Policy and Process document.
(2) Unclassified informationEach report submitted under paragraph (1) shall include an unclassified appendix that contains—
(A) the aggregate number of vulnerabilities disclosed to vendors or the public pursuant to the Vulnerabilities Equities Process; and
(B) the aggregate number of vulnerabilities disclosed to vendors or the public pursuant to the Vulnerabilities Equities Process known to have been patched.
(3) Nonduplication
(4) Publication
(Pub. L. 116–92, div. E, title LXVII, § 6720, Dec. 20, 2019, 133 Stat. 2230; Pub. L. 117–103, div. X, title III, § 307, Mar. 15, 2022,