I
118THCONGRESS
1
STSESSION H. R. 5786
To establish in the National Nuclear Security Administration a Cybersecurity
Risk Inventory, Assessment, and Mitigation Working Group.
IN THE HOUSE OF REPRESENTATIVES
SEPTEMBER28, 2023
Mr. C
ARBAJAL(for himself, Mr. BACON, and Mr. GALLAGHER) introduced the
following bill; which was referred to the Committee on Armed Services
A BILL
To establish in the National Nuclear Security Administration
a Cybersecurity Risk Inventory, Assessment, and Mitiga-
tion Working Group.
Be it enacted by the Senate and House of Representa-1
tives of the United States of America in Congress assembled, 2
SECTION 1. CYBERSECURITY RISK INVENTORY, ASSESS-3
MENT, AND MITIGATION WORKING GROUP. 4
Subtitle A of title XXXII of the National Defense Au-5
thorization Act for Fiscal Year 2000 (Public Law 106– 6
65) is amended by adding at the end the following new 7
section: 8
VerDate Sep 11 2014 04:16 Oct 01, 2023 Jkt 039200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:\BILLS\H5786.IH H5786
kjohnson on DSK7ZCZBW3PROD with $$_JOB 2
•HR 5786 IH
‘‘SEC. 3222. CYBERSECURITY RISK INVENTORY, ASSESS-1
MENT, AND MITIGATION WORKING GROUP. 2
‘‘(a) E
STABLISHMENT.—There is in the Administra-3
tion a working group, to be known as the ‘Cybersecurity 4
Risk Inventory, Assessment, and Mitigation Working 5
Group’. 6
‘‘(b) M
EMBERSHIP.—Members of the working group 7
shall include the Deputy Administrator for Defense Pro-8
grams, the Associate Administrator for Information Man-9
agement and Chief Information Officer, and staff from 10
other offices as determined appropriate by the Deputy Ad-11
ministrator and Associate Administrator. 12
‘‘(c) C
OMPREHENSIVE STRATEGY.—The working 13
group shall prepare a comprehensive strategy for 14
inventorying the range of National Nuclear Security Ad-15
ministration systems that are potentially at risk in the 16
operational technology and nuclear weapons information 17
technology environments, assessing the systems at risk, 18
and implementing risk mitigation actions. Such strategy 19
shall incorporate key elements of effective cybersecurity 20
risk management strategies, as identified by the Govern-21
ment Accountability Office, including the specification 22
of— 23
‘‘(1) goals, objectives, activities, and perform-24
ance measures; 25
VerDate Sep 11 2014 04:16 Oct 01, 2023 Jkt 039200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\H5786.IH H5786
kjohnson on DSK7ZCZBW3PROD with $$_JOB 3
•HR 5786 IH
‘‘(2) organizational roles, responsibilities, and 1
coordination; 2
‘‘(3) necessary resources needed to implement 3
the strategy over the next ten years; and 4
‘‘(4) detailed milestones and schedules for com-5
pletion of tasks. 6
‘‘(d) S
UBMISSION TOCONGRESS.— 7
‘‘(1) B
RIEFING.—Not later than 120 days after 8
the date of the enactment of this Act, the members 9
of the working group shall provide to the congres-10
sional defense committees a briefing on the plan of 11
the working group plan to develop the strategy re-12
quired under subsection (c). 13
‘‘(2) S
UBMISSION OF STRATEGY .—Not later 14
than April 1, 2025, the working group shall submit 15
the congressional defense committees a copy of the 16
completed strategy. 17
‘‘(e) T
ERMINATION.—The working group shall termi-18
nate on the date that is five years after the date of the 19
enactment of this section.’’. 20
Æ
VerDate Sep 11 2014 04:16 Oct 01, 2023 Jkt 039200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6301 E:\BILLS\H5786.IH H5786
kjohnson on DSK7ZCZBW3PROD with $$_JOB