Federal Register - May 17, 2021
Source: Federal Register
Federal Register / Vol. 86, No. 93 / Monday, May 17, 2021 / Presidential Documents
26641
of NIST shall examine all relevant information, labeling, and incentive programs, employ best practices, and identify, modify, or develop a recommended label or, if practicable, a tiered software security rating system.
This review shall focus on ease of use for consumers and a determination of what measures can be taken to maximize participation.
(v) These pilot programs shall be conducted in a manner consistent with OMB Circular A-119 and NIST Special Publication 2000-02 (Conformity Assessment Considerations for Federal Agencies).
(w) Within 1 year of the date of this order, the Director of NIST shall conduct a review of the pilot programs, consult with the private sector and relevant agencies to assess the effectiveness of the programs, determine what improvements can be made going forward, and submit a summary report to the APNSA.
(x) Within 1 year of the date of this order, the Secretary of Commerce, in consultation with the heads of other agencies as the Secretary of Commerce deems appropriate, shall provide to the President, through the APNSA, a report that reviews the progress made under this section and outlines additional steps needed to secure the software supply chain.
Sec. 5. Establishing a Cyber Safety Review Board. (a) The Secretary of Homeland Security, in consultation with the Attorney General, shall establish the Cyber Safety Review Board (Board), pursuant to section 871 of the Homeland Security Act of 2002 (6 U.S.C. 451).
(b) The Board shall review and assess, with respect to significant cyber incidents (as defined under Presidential Policy Directive 41 of July 26, 2016 (United States Cyber Incident Coordination) (PPD-41)) affecting FCEB Information Systems or non-Federal systems, threat activity, vulnerabilities, mitigation activities, and agency responses.
(c) The Secretary of Homeland Security shall convene the Board following a significant cyber incident triggering the establishment of a Cyber Unified Coordination Group (UCG) as provided by section V(B)(2) of PPD-41; at any time as directed by the President acting through the APNSA; or at any time the Secretary of Homeland Security deems necessary.
(d) The Board's initial review shall relate to the cyber activities that prompted the establishment of a UCG in December 2020, and the Board shall, within 90 days of the Board's establishment, provide recommendations to the Secretary of Homeland Security for improving cybersecurity and incident response practices, as outlined in subsection (i) of this section.
(e) The Board's membership shall include Federal officials and representatives from private-sector entities. The Board shall comprise representatives of the Department of Defense, the Department of Justice, CISA, the NSA, and the FBI, as well as representatives from appropriate private-sector cybersecurity or software suppliers as determined by the Secretary of Homeland Security. A representative from OMB shall participate in Board activities when an incident under review involves FCEB Information Systems, as determined by the Secretary of Homeland Security. The Secretary of Homeland Security may invite the participation of others on a case-by-case basis depending on the nature of the incident under review.
(f) The Secretary of Homeland Security shall biennially designate a Chair and Deputy Chair of the Board from among the members of the Board, to include one Federal and one private-sector member.
(g) The Board shall protect sensitive law enforcement, operational, business, and other confidential information that has been shared with it, consistent with applicable law.
(h) The Secretary of Homeland Security shall provide to the President through the APNSA any advice, information, or recommendations of the Board for improving cybersecurity and incident response practices and policy upon completion of its review of an applicable incident.