US HB451 | 2015-2016 | 114th Congress
Status
Spectrum: Partisan Bill (Republican 39-0)
Status: Introduced on January 21 2015 - 25% progression, died in chamber
Action: 2016-01-06 - Placed on the Union Calendar, Calendar No. 293.
Text: Latest bill text (Introduced) [PDF]
Status: Introduced on January 21 2015 - 25% progression, died in chamber
Action: 2016-01-06 - Placed on the Union Calendar, Calendar No. 293.
Text: Latest bill text (Introduced) [PDF]
Summary
Safe and Secure Federal Websites Act of 2015 This bill establishes security and privacy requirements for new federal websites that collect personally identifiable information (PII) (i.e., information that can be used to distinguish or trace the identity of an individual or that is linked or linkable to an individual). (Sec. 2) A federal agency may not deploy or make available to the public a new federal PII website until the agency's chief information officer (CIO) certifies to Congress that the website is fully functional and secure. The CIO must make such certification within 90 days after enactment of this Act. After such 90-day period, any new federal PII website that has not been certified must be rendered inaccessible until certification is submitted. The prohibition does not apply to a website that is: (1) operated entirely by an entity that is independent of the federal government, or (2) in a development or testing phase (beta website). The exemption for beta websites applies only if: (1) a member of the public may access PII-related portions of the website only after executing an agreement that acknowledges the risks involved; and (2) no agency compelled, enjoined, or otherwise provided incentives for a member of the public to access such website. The bill defines a "new federal PII website" as a website that: (1) is operated by (or under contract with) an agency; (2) elicits, collects, stores, or maintains PII and is accessible to the public; and (3) is first made accessible to the public and collects or stores PII on or after October 1, 2012. The bill also sets forth requirements that must be met to deem a new federal PII website as "secure." (Sec. 3) The Director of the Office of Management and Budget (OMB) must establish and oversee policies and procedures for federal agencies to follow in the event of a breach of information security involving the disclosure of PII, including: (1) notice, not later than 72 hours after discovery of a breach or possible breach, to individuals whose PII could be compromised; and (2) timely reporting to a federal cybersecurity center designated by the OMB and defined in this Act. Agency heads must ensure that agency actions taken in response to a breach of information security involving the disclosure of PII comply with OMB policies and procedures established by this Act. The OMB must report to Congress, not later than March 1 of each year, on agency compliance with such policies and procedures. A "federal cybersecurity center" is defined to include: (1) the Department of Defense Cyber Crime Center, (2) the Intelligence Community Incident Response Center, (3) the U.S. Cyber Command Joint Operations Center, (4) the National Cyber Investigative Task Force, (5) the Central Security Service Threat Operations Center of the National Security Agency, (6) the U.S. Computer Emergency Readiness Team, and (7) any center that the OMB determines is appropriate to carry out privacy breach notice and reporting requirements.
Title
Safe and Secure Federal Websites Act of 2015
Sponsors
Rep. Charles Fleischmann [R-TN] | Rep. Scott DesJarlais [R-TN] | Rep. Dana Rohrabacher [R-CA] | Rep. Lynn Westmoreland [R-GA] |
Rep. Mike Kelly [R-PA] | Sen. Cynthia Lummis [R-WY] | Rep. James Sensenbrenner [R-WI] | Sen. Marsha Blackburn [R-TN] |
Rep. Brett Guthrie [R-KY] | Rep. Robert Hurt [R-VA] | Rep. Dan Benishek [R-MI] | Rep. Bill Posey [R-FL] |
Rep. John Kline [R-MN] | Rep. Joe Wilson [R-SC] | Rep. Robert Latta [R-OH] | Rep. Blake Farenthold [R-TX] |
Rep. Tom Cole [R-OK] | Rep. Todd Rokita [R-IN] | Rep. Ken Calvert [R-CA] | Rep. Peter Roskam [R-IL] |
Rep. Morgan Griffith [R-VA] | Rep. Steve King [R-IA] | Rep. Glenn Thompson [R-PA] | Rep. Lynn Jenkins [R-KS] |
Rep. Dennis Ross [R-FL] | Rep. Aaron Schock [R-IL] | Rep. Mike Coffman [R-CO] | Rep. Rodney Frelinghuysen [R-NJ] |
Rep. Frank Lucas [R-OK] | Rep. Bill Johnson [R-OH] | Rep. Mark Amodei [R-NV] | Sen. Kevin Cramer [R-ND] |
Rep. David Roe [R-TN] | Rep. John Carter [R-TX] | Rep. Mark Sanford [R-SC] | Rep. Chris Collins [R-NY] |
Rep. Robert Pittenger [R-NC] | Rep. David Schweikert [R-AZ] | Rep. Lou Barletta [R-PA] |
History
Date | Chamber | Action |
---|---|---|
2016-01-06 | House | Placed on the Union Calendar, Calendar No. 293. |
2016-01-06 | House | Reported (Amended) by the Committee on Oversight and Government Reform. H. Rept. 114-390. |
2015-05-19 | House | Ordered to be Reported (Amended) by Voice Vote. |
2015-05-19 | House | Committee Consideration and Mark-up Session Held. |
2015-01-21 | House | Referred to the House Committee on Oversight and Government Reform. |
2015-01-21 | House | Introduced in House |
Subjects
Administrative law and regulatory procedures
Computer security and identity theft
Government information and archives
Government operations and politics
Internet and video services
Office of Management and Budget (OMB)
Right of privacy
Computer security and identity theft
Government information and archives
Government operations and politics
Internet and video services
Office of Management and Budget (OMB)
Right of privacy