This bill addresses cybersecurity threats against critical infrastructure and the federal government.
The Cybersecurity and Infrastructure Security Agency (CISA) must perform ongoing and continuous assessments of federal risk posture.
An agency, within a specified time frame, must (1) determine whether notice to any individual potentially affected by a breach is appropriate based on a risk assessment and (2) as appropriate, provide written notice to each individual potentially affected.
Each agency must (1) provide information relating to a major incident to specified parties and (2) develop specified training for individuals with access to federal information or information systems.
The bill requires reporting and other actions to address cybersecurity incidents.