Skip to main content
Find a Lawyer

42 U.S.C. § 18725 - U.S. Code - Unannotated Title 42. The Public Health and Welfare § 18725. Cybersecurity plan

Current as of January 01, 2024 | Updated by Findlaw Staff

(a)In general

The Secretary may require, as the Secretary determines appropriate, a recipient of any award or other funding under this chapter--

(1) to submit to the Secretary, prior to the issuance of the award or other funding, a cybersecurity plan that demonstrates the cybersecurity maturity of the recipient in the context of the project for which that award or other funding was provided; and

(2) establish a plan for maintaining and improving cybersecurity throughout the life of the proposed solution of the project.

(b)Contents of cybersecurity plan

A cybersecurity plan described in subsection (a) shall, at a minimum, describe how the recipient described in that subsection--

(1) plans to maintain cybersecurity between networks, systems, devices, applications, or components--

(A) within the proposed solution of the project; and

(B) at the necessary external interfaces at the proposed solution boundaries;

(2) will perform ongoing evaluation of cybersecurity risks to address issues as the issues arise throughout the life of the proposed solution;

(3) will report known or suspected network or system compromises of the project to the Secretary; and

(4) will leverage applicable cybersecurity programs of the Department, including cyber vulnerability testing and security engineering evaluations.

(c)Additional guidance

Each recipient described in subsection (a) should--

(1) maximize the use of open guidance and standards, including, wherever possible--

(A) the Cybersecurity Capability Maturity Model of the Department (or a successor model); and

(B) the Framework for Improving Critical Infrastructure Cybersecurity of the National Institute of Standards and Technology; and

(2) document --

(A) any deviation from open standards; and

(B) the utilization of proprietary standards where the recipient determines that such deviation necessary.

(d)Coordination

The Office of Cybersecurity, Energy Security, and Emergency Response of the Department shall review each cybersecurity plan submitted under subsection (a) to ensure integration with Department research, development, and demonstration programs.

(e)Protection of information

Information provided to, or collected by, the Federal Government pursuant to this section the disclosure of which the Secretary reasonably foresees could be detrimental to the physical security or cybersecurity of any electric utility or the bulk-power system--

(1) shall be exempt from disclosure under section 552(b)(3) of Title 5; and

(2) shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.

Previous Part of Code Next Part of Code
Back to Chapter List

Cite this article: FindLaw.com - 42 U.S.C. § 18725 - U.S. Code - Unannotated Title 42. The Public Health and Welfare § 18725. Cybersecurity plan - last updated January 01, 2024 | https://codes.findlaw.com/us/title-42-the-public-health-and-welfare/42-usc-sect-18725/

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.

Was this helpful?

Welcome to FindLaw's Cases & Codes

A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw’s Learn About the Law.

Go to Learn About the Law

Latest Blog Posts

For Legal Professionals

Learn About The Law

Get help with your legal needs

FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.

Go to Learn About the Law

Need to Find an Attorney?

Search our directory by legal issue

Enter information in one or both fields (Required)

Copied to clipboard