Current as of January 01, 2024 | Updated by Findlaw Staff
(a) In general
Not later than 180 days after December 4, 2020, the Director of the Institute, in consultation with such cybersecurity researchers and private sector industry experts as the Director considers appropriate, and in consultation with the Secretary, shall develop and publish under section 278g-3 of this title guidelines--
(1) for the reporting, coordinating, publishing, and receiving of information about--
(A) a security vulnerability relating to information systems owned or controlled by an agency (including Internet of Things devices owned or controlled by an agency); and
(B) the resolution of such security vulnerability; and
(2) for a contractor providing to an agency an information system (including an Internet of Things device) and any subcontractor thereof at any tier providing such information system to such contractor, on--
(A) receiving information about a potential security vulnerability relating to the information system; and
(B) disseminating information about the resolution of a security vulnerability relating to the information system.
(b) Elements
The guidelines published under subsection (a) shall--
(1) to the maximum extent practicable, be aligned with industry best practices and Standards 29147 and 30111 of the International Standards Organization (or any successor standard) or any other appropriate, relevant, and widely-used standard;
(2) incorporate guidelines on--
(A) receiving information about a potential security vulnerability relating to an information system owned or controlled by an agency (including an Internet of Things device); and
(B) disseminating information about the resolution of a security vulnerability relating to an information system owned or controlled by an agency (including an Internet of Things device); and
(3) be consistent with the policies and procedures produced under section 659(m) of Title 6.
(c) Information items
The guidelines published under subsection (a) shall include example content, on the information items that should be reported, coordinated, published, or received pursuant to this section by a contractor, or any subcontractor thereof at any tier, providing an information system (including Internet of Things device) to the Federal Government.
(d) Oversight
The Director of OMB shall oversee the implementation of the guidelines published under subsection (a).
(e) Operational and technical assistance
The Secretary, in consultation with the Director of OMB, shall administer the implementation of the guidelines published under subsection (a) and provide operational and technical assistance in implementing such guidelines.
Cite this article: FindLaw.com - 15 U.S.C. § 278g-3c - U.S. Code - Unannotated Title 15. Commerce and Trade § 278g-3c. Guidelines on the disclosure process for security vulnerabilities relating to information systems, including Internet of Things devices - last updated January 01, 2024 | https://codes.findlaw.com/us/title-15-commerce-and-trade/15-usc-sect-278g-3c/