Voglio sapere a riguardo di…

26642

Federal Register / Vol. 86, No. 93 / Monday, May 17, 2021 / Presidential Documents i Within 30 days of completion of the initial review described in subsection d of this section, the Secretary of Homeland Security shall provide to the President through the APNSA the recommendations of the Board based on the initial review. These recommendations shall describe:
i identified gaps in, and options for, the Boards composition or authorities;
ii the Boards proposed mission, scope, and responsibilities;
iii membership eligibility criteria for private-sector representatives;
iv Board governance structure including interaction with the executive branch and the Executive Office of the President;
v thresholds and criteria for the types of cyber incidents to be evaluated;
vi sources of information that should be made available to the Board, consistent with applicable law and policy;
vii an approach for protecting the information provided to the Board and securing the cooperation of affected United States individuals and entities for the purpose of the Boards review of incidents; and viii administrative and budgetary considerations required for operation of the Board.
j The Secretary of Homeland Security, in consultation with the Attorney General and the APNSA, shall review the recommendations provided to the President through the APNSA pursuant to subsection i of this section and take steps to implement them as appropriate.
k Unless otherwise directed by the President, the Secretary of Homeland Security shall extend the life of the Board every 2 years as the Secretary of Homeland Security deems appropriate, pursuant to section 871 of the Homeland Security Act of 2002.
Sec. 6. Standardizing the Federal Governments Playbook for Responding to Cybersecurity Vulnerabilities and Incidents. a The cybersecurity vulnerability and incident response procedures currently used to identify, remediate, and recover from vulnerabilities and incidents affecting their systems vary across agencies, hindering the ability of lead agencies to analyze vulnerabilities and incidents more comprehensively across agencies. Standardized response processes ensure a more coordinated and centralized cataloging of incidents and tracking of agencies progress toward successful responses.
b Within 120 days of the date of this order, the Secretary of Homeland Security acting through the Director of CISA, in consultation with the Director of OMB, the Federal Chief Information Officers Council, and the Federal Chief Information Security Council, and in coordination with the Secretary of Defense acting through the Director of the NSA, the Attorney General, and the Director of National Intelligence, shall develop a standard set of operational procedures playbook to be used in planning and conducting a cybersecurity vulnerability and incident response activity respecting FCEB
Information Systems. The playbook shall:
i incorporate all appropriate NIST standards;
ii be used by FCEB Agencies; and iii articulate progress and completion through all phases of an incident response, while allowing flexibility so it may be used in support of various response activities.
c The Director of OMB shall issue guidance on agency use of the playbook.
d Agencies with cybersecurity vulnerability or incident response procedures that deviate from the playbook may use such procedures only after consulting with the Director of OMB and the APNSA and demonstrating that these procedures meet or exceed the standards proposed in the playbook.

VerDate Sep<11>2014

15:52 May 14, 2021

Jkt 253001

PO 00000

Frm 00010

Fmt 4705

Sfmt 4790

E:FRFM17MYE0.SGM

17MYE0