15 U.S.C. § 278g3c
Guidelines on the disclosure process for security vulnerabilities relating to information systems, including Internet of Things devices
Title: 15 U.S.C.
Status: ACTIVE
Chapter: 7 — NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
Jurisdiction: Federal — United States
Primary Source: uscode.house.gov
Federation ID: OM-USC15-SEC-097963
STATUTORY TEXT primary source · verbatim · uscode.house.gov

United States Code, 2023 Edition
Title 15 - COMMERCE AND TRADE
CHAPTER 7 - NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
Sec. 278g-3c - Guidelines on the disclosure process for security vulnerabilities relating to information systems, including Internet of Things devices
From the U.S. Government Publishing Office, www.gpo.gov

§278g–3c. Guidelines on the disclosure process for security vulnerabilities relating to information systems, including Internet of Things devices

(a) In general

Not later than 180 days after December 4, 2020, the Director of the Institute, in consultation with such cybersecurity researchers and private sector industry experts as the Director considers appropriate, and in consultation with the Secretary, shall develop and publish under section 278g–3 of this title guidelines—

(1) for the reporting, coordinating, publishing, and receiving of information about—

(A) a security vulnerability relating to information systems owned or controlled by an agency (including Internet of Things devices owned or controlled by an agency); and

(B) the resolution of such security vulnerability; and

(2) for a contractor providing to an agency an information system (including an Internet of Things device) and any subcontractor thereof at any tier providing such information system to such contractor, on—

(A) receiving information about a potential security vulnerability relating to the information system; and

(B) disseminating information about the resolution of a security vulnerability relating to the information system.

(b) Elements

The guidelines published under subsection (a) shall—

(1) to the maximum extent practicable, be aligned with industry best practices and Standards 29147 and 30111 of the International Standards Organization (or any successor standard) or any other appropriate, relevant, and widely-used standard;

(2) incorporate guidelines on—

(A) receiving information about a potential security vulnerability relating to an information system owned or controlled by an agency (including an Internet of Things device); and

(B) disseminating information about the resolution of a security vulnerability relating to an information system owned or controlled by an agency (including an Internet of Things device); and

(3) be consistent with the policies and procedures produced under section 659(m) of title 6.

(c) Information items

The guidelines published under subsection (a) shall include example content, on the information items that should be reported, coordinated, published, or received pursuant to this section by a contractor, or any subcontractor thereof at any tier, providing an information system (including Internet of Things device) to the Federal Government.

(d) Oversight

The Director of OMB shall oversee the implementation of the guidelines published under subsection (a).

(e) Operational and technical assistance

The Secretary, in consultation with the Director of OMB, shall administer the implementation of the guidelines published under subsection (a) and provide operational and technical assistance in implementing such guidelines.

(Pub. L. 116–207, §5, Dec. 4, 2020, 134 Stat. 1004.)

Editorial Notes

Codification

Section was enacted as part of the Internet of Things Cybersecurity Improvement Act of 2020, also known as the IoT Cybersecurity Improvement Act of 2020, and not as part of the National Institute of Standards and Technology Act which comprises this chapter.

Statutory Notes and Related Subsidiaries

Definitions

For definitions of terms used in this section, see section 278g–3a of this title.

Source: uscode.house.gov — public domain
The statutory text of 15 U.S.C. § 278g3c is reproduced from the official United States Code as published by the Office of the Law Revision Counsel of the U.S. House of Representatives (uscode.house.gov).