15 USC CHAPTER 100A, SUBCHAPTER IV: ADVANCEMENT OF CYBERSECURITY TECHNICAL STANDARDS
Result 1 of 1
   
 
<< Previous   TITLE 15 / CHAPTER 100A / SUBCHAPTER IV   Next >>
 
15 USC CHAPTER 100A, SUBCHAPTER IV: ADVANCEMENT OF CYBERSECURITY TECHNICAL STANDARDS
From Title 15—COMMERCE AND TRADECHAPTER 100A—CYBERSECURITY ENHANCEMENT

SUBCHAPTER IV—ADVANCEMENT OF CYBERSECURITY TECHNICAL STANDARDS

§7461. Definitions

In this subchapter:

(1) Director

The term "Director" means the Director of the National Institute of Standards and Technology.

(2) Institute

The term "Institute" means the National Institute of Standards and Technology.

(Pub. L. 113–274, title V, §501, Dec. 18, 2014, 128 Stat. 2986.)

§7462. International cybersecurity technical standards

(a) In general

The Director, in coordination with appropriate Federal authorities, shall—

(1) as appropriate, ensure coordination of Federal agencies engaged in the development of international technical standards related to information system security; and

(2) not later than 1 year after December 18, 2014, develop and transmit to Congress a plan for ensuring such Federal agency coordination.

(b) Consultation with the private sector

In carrying out the activities specified in subsection (a)(1), the Director shall ensure consultation with appropriate private sector stakeholders.

(Pub. L. 113–274, title V, §502, Dec. 18, 2014, 128 Stat. 2986.)

§7463. Cloud computing strategy

(a) In general

The Director, in coordination with the Office of Management and Budget, in collaboration with the Federal Chief Information Officers Council, and in consultation with other relevant Federal agencies and stakeholders from the private sector, shall continue to develop and encourage the implementation of a comprehensive strategy for the use and adoption of cloud computing services by the Federal Government.

(b) Activities

In carrying out the strategy described under subsection (a), the Director shall give consideration to activities that—

(1) accelerate the development, in collaboration with the private sector, of standards that address interoperability and portability of cloud computing services;

(2) advance the development of conformance testing performed by the private sector in support of cloud computing standardization; and

(3) support, in coordination with the Office of Management and Budget, and in consultation with the private sector, the development of appropriate security frameworks and reference materials, and the identification of best practices, for use by Federal agencies to address security and privacy requirements to enable the use and adoption of cloud computing services, including activities—

(A) to ensure the physical security of cloud computing data centers and the data stored in such centers;

(B) to ensure secure access to the data stored in cloud computing data centers;

(C) to develop security standards as required under section 278g–3 of this title; and

(D) to support the development of the automation of continuous monitoring systems.

(Pub. L. 113–274, title V, §503, Dec. 18, 2014, 128 Stat. 2986.)

§7464. Identity management research and development

(a) In general

The Director shall carry out a program of research to support the development of voluntary, consensus-based technical standards, best practices, benchmarks, methodologies, metrology, testbeds, and conformance criteria for identity management, taking into account appropriate user concerns to—

(1) improve interoperability and portability among identity management technologies;

(2) strengthen identity proofing and verification methods used in identity management systems commensurate with the level of risk, including identity and attribute validation services provided by Federal, State, and local governments;

(3) improve privacy protection in identity management systems; and

(4) improve the accuracy, usability, and inclusivity of identity management systems.

(b) Digital identity technical roadmap

The Director, in consultation with other relevant Federal agencies and stakeholders from the private sector, shall develop and maintain a technical roadmap for digital identity management research and development focused on enabling the voluntary use and adoption of modern digital identity solutions that align with the four criteria in subsection (a).

(c) Digital identity management guidance

(1) In general

The Director shall develop, and periodically update, in collaboration with other public and private sector organizations, common definitions and voluntary guidance for digital identity management systems, including identity and attribute validation services provided by Federal, State, and local governments.

(2) Guidance

The Guidance shall—

(A) align with the four criteria in subsection (a), as practicable;

(B) provide case studies of implementation of guidance;

(C) incorporate voluntary technical standards and industry best practices; and

(D) not prescribe or otherwise require the use of specific technology products or services.

(3) Consultation

In carrying out this subsection, the Director shall consult with—

(A) Federal and State agencies;

(B) industry;

(C) potential end-users and individuals that will use services related to digital identity verification; and

(D) experts with relevant experience in the systems that enable digital identity verification, as determined by the Director.

(Pub. L. 113–274, title V, §504, Dec. 18, 2014, 128 Stat. 2987; Pub. L. 117–167, div. B, title II, §10225, Aug. 9, 2022, 136 Stat. 1478.)


Editorial Notes

Amendments

2022Pub. L. 117–167 amended section generally. Prior to amendment, section related to Director's continuance of program to support development of voluntary and cost-effective technical standards, metrology, testbeds, and conformance criteria, taking into account appropriate user concerns.