View all text of Subchapter I [§ 2401 - § 2412]
§ 2412. Cybersecurity Risk Inventory, Assessment, and Mitigation Working Group
(a) Establishment
(b) Membership
Members of the working group shall include—
(1) the Deputy Administrator for Defense Programs;
(2) the Associate Administrator for Information Management and Chief Information Officer; and
(3) such other personnel of the Administration as are determined appropriate for inclusion in the working group by the Chairperson.
(c) Chairperson
(d) Comprehensive strategy
The working group shall prepare a comprehensive strategy for inventorying the range of systems of the Administration that are potentially at risk in the operational technology and nuclear weapons information technology environments, assessing the systems at risk based on mission impact, and implementing risk mitigation actions. Such strategy shall incorporate key elements of effective cybersecurity risk management strategies, as identified by the Government Accountability Office, including the specification of—
(1) goals, objectives, activities, and performance measures;
(2) organizational roles, responsibilities, and coordination;
(3) resources needed to implement the strategy through 2034; and
(4) detailed milestones and schedules for completion of tasks.
(e) Submission to Congress
(1) Interim briefing
(2) Completed strategy
(f) Termination
(Pub. L. 106–65, div. C, title XXXII, § 3222, as added Pub. L. 118–31, div. C, title XXXI, § 3113, Dec. 22, 2023, 137 Stat. 789.)