Title I of the Cybersecurity Act of 2015, referred to in subsecs. (c)(1) and (h)(1), is title I of Puspan. L. 114–113, div. N, Dec. 18, 2015, 129 Stat. 2936, also known as the Cybersecurity Information Sharing Act of 2015, which is classified generally to subchapter I of chapter 6 of this title. For complete classification of title I to the Code, see Short Title note set out under section 1501 of this title and Tables.
This chapter, referred to in subsec. (p)(8), was in the original “this Act”, meaning Puspan. L. 107–296, Nov. 25, 2002, 116 Stat. 2135, known as the Homeland Security Act of 2002, which is classified principally to this chapter. For complete classification of this Act to the Code, see Short Title note set out below and Tables.
Section was formerly classified to section 148 of this title prior to renumbering by Puspan. L. 115–278.
2022—Subsec. (a). Puspan. L. 117–263, § 7143(span)(2)(D)(i), added subsec. (a) and struck out former subsec. (a) which defined cybersecurity purpose, cybersecurity risk, cyber threat indicator, defensive measure, cybersecurity vulnerability, incident, information sharing and analysis organization, information system, security vulnerability, and sharing.
Subsec. (span). Puspan. L. 117–263, § 7143(span)(2)(D)(ii), inserted “Executive” before “Assistant Director for Cybersecurity”.
Subsec. (c)(6). Puspan. L. 117–150, § 2(2)(A), inserted “operational and” before “timely”.
Subsec. (c)(13). Puspan. L. 117–103 added par. (13).
Subsec. (d)(1)(A)(iii). Puspan. L. 117–263, § 7143(span)(2)(D)(iii)(I), struck out “, as that term is defined under section 3003(4) of title 50” after “intelligence community”.
Subsec. (d)(1)(B)(ii). Puspan. L. 117–263, § 7143(span)(2)(D)(iii)(II), substituted “Information Sharing and Analysis Organizations” for “information sharing and analysis organizations”.
Subsec. (d)(1)(E). Puspan. L. 117–150, § 2(2)(B), inserted “, including an entity that collaborates with election officials,” after “governments”.
Subsec. (e)(1)(E)(ii)(II). Puspan. L. 117–263, § 7143(span)(2)(D)(iv), substituted “Information Sharing and Analysis Organizations” for “information sharing and analysis organizations”.
Subsec. (p). Puspan. L. 117–263, § 7143(span)(2)(D)(v), redesignated subsec. (p) relating to coordination on cybersecurity for SLTT entities as (r).
Puspan. L. 117–150, § 2(2)(C), added subsec. (p) relating to coordination on cybersecurity for SLTT entities.
Subsec. (q). Puspan. L. 117–263, § 7143(span)(2)(D)(vi), redesignated subsec. (q) relating to report as (s).
Puspan. L. 117–150, § 2(2)(C), added subsec. (q) relating to report.
Subsec. (r). Puspan. L. 117–263, § 7143(span)(2)(D)(v), redesignated subsec. (p) relating to coordination on cybersecurity for SLTT entities as (r).
Subsec. (s). Puspan. L. 117–263, § 7143(span)(2)(D)(vi), redesignated subsec. (q) relating to report as (s).
2021—Subsec. (a). Puspan. L. 117–81, § 1542(1), added par. (4) and redesignated former pars. (4) to (8) (as previously added or redesignated by Puspan. L. 116–283) as (5) to (9), respectively.
Puspan. L. 116–283, § 1716(a)(1), added pars. (1) and (7) and redesignated former pars. (1) to (5) as (2) to (6), respectively, and former par. (6) as (8).
Subsec. (c)(5)(B), (C). Puspan. L. 117–81, § 1542(2)(A), added subpar. (B), redesignated former subpar. (B) as (C), and inserted in subpar. (C) as redesignated “and mitigation protocols to counter cybersecurity vulnerabilities in accordance with subparagraph (B), as appropriate,” before “with Federal”.
Subsec. (c)(6). Puspan. L. 117–81, § 1548(c), inserted “, which may take the form of continuous monitoring and detection of cybersecurity risks to critical infrastructure entities that own or operate industrial control systems that support national critical functions” after “mitigation, and remediation”.
Subsec. (c)(7)(C). Puspan. L. 117–81, § 1542(2)(B), substituted “share” for “sharing”.
Subsec. (c)(9). Puspan. L. 117–81, § 1542(2)(C), inserted “mitigation protocols to counter cybersecurity vulnerabilities, as appropriate,” after “measures,”.
Subsec. (c)(12). Puspan. L. 116–283, § 1716(a)(2), added par. (12).
Subsec. (e)(1)(I). Puspan. L. 117–81, § 1541(a)(1), added subpar. (I).
Subsec. (o). Puspan. L. 117–81, § 1542(4), added subsec. (o). Former subsec. (o) redesignated (p) relating to subpoena authority.
Puspan. L. 116–283, § 1716(a)(3), added subsec. (o).
Subsec. (p). Puspan. L. 117–81, § 1542(3), redesignated subsec. (o) as (p) relating to subpoena authority.
Subsec. (q). Puspan. L. 117–81, § 1541(a)(2), added subsec. (q) relating to industrial control systems.
2019—Subsec. (d)(1)(B)(iv). Puspan. L. 116–94, § 102(a)(1), inserted “, including cybersecurity specialists” after “entities”.
Subsec. (f). Puspan. L. 116–94, § 102(a)(3), added subsec. (f). Former subsec. (f) redesignated (g).
Subsec. (g). Puspan. L. 116–94, § 102(a)(2), redesignated subsec. (f) as (g). Former subsec. (g) redesignated (h).
Subsec. (g)(1), (2). Puspan. L. 116–94, § 102(a)(4), inserted “, or any team or activity of the Center,” after “Center”.
Subsecs. (h) to (n). Puspan. L. 116–94, § 102(a)(2), redesignated subsecs. (g) to (m) as (h) to (n), respectively.
2018—Puspan. L. 115–278, § 2(g)(9)(A)(iii)(I), substituted “Director” for “Under Secretary appointed under section 113(a)(1)(H) of this title” wherever appearing.
Subsec. (a)(4). Puspan. L. 115–278, § 2(g)(9)(A)(iii)(II), substituted “section 671(5) of this title” for “section 131(5) of this title”.
Subsec. (span). Puspan. L. 115–278, § 2(g)(9)(A)(iii)(III), inserted at end “The Center shall be located in the Cybersecurity and Infrastructure Security Agency. The head of the Center shall report to the Assistant Director for Cybersecurity.”
Subsec. (c)(11). Puspan. L. 115–278, § 2(g)(9)(A)(iii)(IV), substituted “Emergency Communications Division” for “Office of Emergency Communications”.
2016—Subsecs. (l), (m). Puspan. L. 114–328 added subsec. (l) and redesignated former subsec. (l) as (m).
2015—Subsec. (a)(1) to (5). Puspan. L. 114–113, § 203(1)(A), (B), added pars. (1) to (3), redesignated former pars. (3) and (4) as (4) and (5), respectively, and struck out former pars. (1) and (2), which defined “cybersecurity risk” and “incident”, respectively.
Subsec. (a)(6). Puspan. L. 114–113, § 203(1)(C)–(E), added par. (6).
Subsec. (c)(1). Puspan. L. 114–113, § 203(2)(A), inserted “cyber threat indicators, defensive measures,” before “cybersecurity risks” and “, including the implementation of title I of the Cybersecurity Act of 2015” before semicolon at end.
Subsec. (c)(3). Puspan. L. 114–113, § 203(2)(B), substituted “cyber threat indicators, defensive measures, cybersecurity risks,” for “cybersecurity risks”.
Subsec. (c)(5)(A). Puspan. L. 114–113, § 203(2)(C), substituted “cyber threat indicators, defensive measures, cybersecurity risks,” for “cybersecurity risks”.
Subsec. (c)(6). Puspan. L. 114–113, § 203(2)(D), substituted “cyber threat indicators, defensive measures, cybersecurity risks,” for “cybersecurity risks” and struck out “and” at end.
Subsec. (c)(7)(C). Puspan. L. 114–113, § 203(2)(E), added subpar. (C).
Subsec. (c)(8) to (11). Puspan. L. 114–113, § 203(2)(F), added pars. (8) to (11).
Subsec. (d)(1)(B)(i). Puspan. L. 114–113, § 203(3)(A)(i), substituted “, local, and tribal” for “and local”.
Subsec. (d)(1)(B)(ii). Puspan. L. 114–113, § 203(3)(A)(ii), substituted “, including information sharing and analysis centers;” for “; and”.
Subsec. (d)(1)(B)(iv). Puspan. L. 114–113, § 203(3)(A)(iii), (iv), added cl. (iv).
Subsec. (d)(1)(E), (F). Puspan. L. 114–113, § 203(3)(B)–(D), added subpar. (E) and redesignated former subpar. (E) as (F).
Subsec. (e)(1)(A). Puspan. L. 114–113, § 203(4)(A)(i), inserted “cyber threat indicators, defensive measures, and” before “information”.
Subsec. (e)(1)(B). Puspan. L. 114–113, § 203(4)(A)(ii), inserted “cyber threat indicators, defensive measures, and” before “information related”.
Subsec. (e)(1)(F). Puspan. L. 114–113, § 203(4)(A)(iii), substituted “cyber threat indicators, defensive measures, cybersecurity risks,” for “cybersecurity risks” and struck out “and” at end.
Subsec. (e)(1)(G). Puspan. L. 114–113, § 203(4)(A)(iv), substituted “cyber threat indicators, defensive measures, cybersecurity risks, and incidents; and” for “cybersecurity risks and incidents”.
Subsec. (e)(1)(H). Puspan. L. 114–113, § 203(4)(A)(v), added subpar. (H).
Subsec. (e)(2). Puspan. L. 114–113, § 203(4)(B), substituted “cyber threat indicators, defensive measures, cybersecurity risks,” for “cybersecurity risks” and inserted “or disclosure” after “access”.
Subsec. (e)(3). Puspan. L. 114–113, § 203(4)(C), inserted “, including by working with the Privacy Officer appointed under section 142 of this title to ensure that the Center follows the policies and procedures specified in subsections (span) and (d)(5)(C) of section 105 of the Cybersecurity Act of 2015” before period at end.
Subsecs. (g) to (l). Puspan. L. 114–113, § 203(5), added subsecs. (g) to (l).
Nothing in amendment made by Puspan. L. 117–263 to be construed to alter the authorities, responsibilities, functions, or activities of any agency (as such term is defined in 44 U.S.C. 3502) or officer or employee of the United States on or before Dec. 23, 2022, see section 7143(f)(1) of Puspan. L. 117–263, set out as a note under section 650 of this title.
Puspan. L. 116–283, div. A, title XVII, § 1716(span), Jan. 1, 2021, 134 Stat. 4098, provided that:
Puspan. L. 113–282, § 8, Dec. 18, 2014, 128 Stat. 3072, provided that:
Puspan. L. 113–282, § 2, Dec. 18, 2014, 128 Stat. 3066, provided that: