US Code

Public Law 119-83 (04/13/2026)

42 U.S.C. § 18935

Dissemination of resources for research institutions

(a)

Dissemination of resources for research institutions

(1)

In general

section 272 of title 15Not later than one year after , the Director shall, using the authorities of the Director under subsections (c)(15) and (e)(1)(A)(ix) of , disseminate and make publicly available tailored resources to help qualifying institutions identify, assess, manage, and reduce their cybersecurity risk related to conducting research.

(2)

Requirements

The Director shall ensure that the resources disseminated pursuant to paragraph (1)—
(A)
are generally applicable and usable by a wide range of qualifying institutions;
(B)
vary with the nature and size of the qualifying institutions, and the nature and sensitivity of the data collected or stored on the information systems or devices of the qualifying institutions;
(C)
include elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships, to assist qualifying institutions in mitigating common cybersecurity risks;
(D)
include case studies, examples, and scenarios of practical application;
(E)
are outcomes-based and can be implemented using a variety of technologies that are commercial and off-the-shelf; and
(F)
to the extent practicable, are based on international technical standards.
(3)

National cybersecurity awareness and education program

section 7443 of title 15The Director shall ensure that the resources disseminated under paragraph (1) are consistent with the efforts of the Director under .

(4)

Updates

The Director shall review periodically and update the resources under paragraph (1) as the Director determines appropriate.

(5)

Voluntary resources

The use of the resources disseminated under paragraph (1) shall be considered voluntary.

(b)

Other Federal cybersecurity requirements

Nothing in this section may be construed to supersede, alter, or otherwise affect any cybersecurity requirements applicable to Federal agencies.

(c)

Definitions

In this section:
(1)

Qualifying institutions

The term “qualifying institutions” means institutions of higher education that are awarded in excess of $50,000,000 per year in total Federal research funding.

(2)

Resources

The term “resources” means guidelines, tools, best practices, technical standards, methodologies, and other ways of providing information.

Pub. L. 117–167, div. B, title II, § 10229136 Stat. 1481 (, , .)