Date: May 7, 2013
House Passes H.R. 1163
The Federal Information Security Amendments Act of 2013
On April 16, 2013, the House passed H.R. 1163, the Federal Information Security Amendments Act of 2013 under suspension of the rules by a vote of 416-0. The bill would amend Federal information security provisions established by the Federal Information Security Management Act of 2002 and codify Federal security monitoring requirements. The bill now goes to the Senate for further action.
Following are provisions of interest to SSA:
- Would require each agency head to: provide information security protections commensurate with risks of unauthorized access or use of agency information systems; ensure agency’s information security management is integrated with agency strategic and operational plans and budget processes; and ensure that information security measures are included in agency managers’ annual performance reviews.
- Would require each agency Chief Information Officer (CIO) or senior official who reports to the CIO (designated as the Chief Information Security Officer) to oversee the development and maintenance of security operations that continuously monitor and evaluate risks and threats.
- Would require the Chief Information Security Officer to report incidents to the Federal information security incident center established in this bill, and the agency’s Inspector General, within 24 hours of discovery and develop and oversee an agency information security program that meets the security and continuous monitoring requirements established in the bill.
- Would require each agency to submit an annual report to the Office of Management and Budget (OMB) and appropriate congressional committees on the effectiveness of the agency’s information security operations and its compliance with the security requirements in the bill.
- Would require OMB to establish a Federal information security incident center, which would provide technical assistance to agency information systems operators on security threats and vulnerabilities. Would also require OMB to annually report to Congress on agency compliance with security requirements in this bill, including significant deficiencies and planned remedial action for agencies to address deficiencies.
- Would use amounts authorized or appropriated to carry out requirements of this bill; no additional funds would be authorized.
- Would become effective 30 days after enactment.