Before adjourning for the year, the US Congress passed the Cybersecurity Act of 2015, and President Barack Obama signed the measure into law on December 18, 2015. The Act of 2015 aims to defend against cyberattacks by creating a framework for the voluntary sharing of cyber threat information between private entities and the federal government, as well as within agencies of the federal government. For detailed coverage on this important new legislation, please read our Special Report.

Through the Cybersecurity Nexus (CSX) program, ISACA is committed to providing security professionals with the knowledge, guidance and tools they need to be effective at their jobs. We closely monitor legislation affecting cybersecurity, and are poised to keep you up-to-date on significant developments via news on this web page. It's just one of the ways we're working to be your premier resource for all things cybersecurity.




 

Recently Enacted Legislation

P.L. 114-113, Cybersecurity Act of 2015, signed into law December 18, 2015. Promotes and encourages the private sector and the US government to rapidly and responsibly exchange cyber threat information.

P.L. 113-274, Cybersecurity Enhancement Act of 2014, signed into law December 18, 2014. Provides an ongoing, voluntary public-private partnership to improve cybersecurity and strengthen cybersecurity research and development, workforce development and education and public awareness and preparedness.

P.L. 113-282, National Cybersecurity Protection Act of 2014, signed into law December 18, 2014. Codifies an existing operations center for cybersecurity.

P.L. 113-246, Cybersecurity Workforce Assessment Act, signed into law December 18, 2014. Directs the Secretary of Homeland Security, within 180 days and annually thereafter for three years, to conduct an assessment of the cybersecurity workforce of the Department of Homeland Security (DHS).

Bills Worth Watching

H.R. 104, Cyber Privacy Fortification Act of 2015. Would protect cyberprivacy.

  • Introduced January 6, 2015, by J. Conyers (D-MI)

H.R. 234, Cyber Intelligence Sharing and Protection Act. Would provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities.

  • Introduced January 8, 2015, by D. Ruppersberger (D-MI)

H.R. 555, Federal Exchange Data Breach Notification Act of 2015. Would require an Exchange established under the Patient Protection and Affordable Care Act to notify individuals in the case that personal information of such individuals is known to have been acquired or accessed as a result of a breach of the security of any system maintained by the Exchange.

  • Introduced January 27, 2015, by D. Black (R-TN)

H.R. 580, Data Accountability and Trust Act. Would protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and provide for nationwide notice in the event of a security breach.

  • Introduced January 28, 2015, by B. Rush (D-IL)

H.R. 1053, Commercial Privacy Bill of Rights Act of 2015. Would establish a regulatory framework for the protection of personal data for individuals under the Federal Trade Commission, and improve provisions relating to collection, use, and disclosure of personal information of children.

  • Introduced February 27, 2015, by A. Sires (D-NJ)

H.R. 1560, Protecting Cyber Networks Act. Would improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats.

  • Introduced March 24, 2015, by D. Nunes (R-CA)
  • Reported (Amended) April 13, 2015, by the Committee on Intelligence. H. Rept. 114-63.
  • Passed House April 22, 2015, by a vote of 307 to 116.

H.R. 1704, Personal Data Notification and Protection Act of 2015. Would establish a national data breach notification standard.

  • Introduced March 26, 2015, by J. Langevin (D-RI)

H.R. 1731, National Cybersecurity Protection Advancement Act of 2015. Would enhance multi-directional sharing of information related to cybersecurity risks and strengthen privacy and civil liberties protections.

  • Introduced April 13, 2015, by M. McCaul (R-TX)
  • Reported (Amended) April 17, 2015, by the Committee on Homeland Security. H. Rept. 114-83.
  • Passed House April 23, 2015, by a vote of 355 to 63.

H.R. 1770, Data Security and Breach Notification Act of 2015. Would require certain entities who collect and maintain personal information of individuals to secure such information and to provide notice to such individuals in the case of a breach of security involving such information.

  • Introduced April 14, 2015, by M. Blackburn (R-TN)

H.R. 2029, Cybersecurity Act of 2015. Would improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats.

  • Passed House December 18, 2015, by a vote of 316 to 113
  • Passed Senate December 18, 2015, by a vote of 65 to 33
  • Signed into law (P.L. 114-113) by President Obama December 18, 2015

H.R. 2205, Data Security Act of 2015. Would protect financial information relating to consumers and require notice of security breaches.

  • Introduced May 1, 2015, by R. Neugebauer (R-TX)

H.R. 2977, Consumer Privacy Protection Act of 2015. Would ensure the privacy and security of sensitive personal information, prevent and mitigate identity theft, provide notice of security breaches involving sensitive personal information, and enhance law enforcement assistance and other protections against security breaches, fraudulent access, and misuse of personal information.

  • Introduced July 8, 2015, by D. Cicilline (D-RI)

H.R. 3869, State and Local Cyber Protection Act of 2015. Would assist with state and local coordination on cybersecurity with the national cybersecurity and communication integration center.

  • Introduced December 14, 2015, by W. Hurd (R-TX)
  • Reported December 3, 2015, by Committee on Homeland Security. H. Rept. 114-363.
  • Passed House December 10, 2015, by voice vote

H.R. 4350, Cybersecurity Act of 2015 Repeal. Would repeal the Cybersecurity Act of 2015.

  • Introduced January 8, 2016, by J. Amash (R-MI)

H.R. 5064, Improving Small Business Cyber Security Act of 2016. Would amend the Small Business Act to allow small business development centers to assist and advise small business concerns on relevant cyber security matters.

  • Introduced April 26, 2016, by R. Hanna (R-NY)
  • Reported (Amended) July 1, 2016, by the Committee on Homeland Security. H. Rept. 114-654.

H.R. 5069, Cybersecurity Systems and Risk Reporting Act. Would amend the Sarbanes-Oxley Act of 2002 to protect investors by expanding the mandated internal controls reports and disclosures to include cybersecurity systems and risks of publicly traded companies.

  • Introduced April 26, 2016, by J. McDermott (D-WA)

H.R. 5459, Cyber Preparedness Act of 2016. Would amend the Homeland Security Act of 2002 to enhance preparedness and response capabilities for cyber attacks and bolster the dissemination of homeland security information related to cyber threats.

  • Introduced June 16, 2016, by D.M. Donovan, Jr. (R-NY)

S. 135, Secure Data Act of 2015. Would provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities.

  • Introduced January 8, 2015, by R. Wyden (D-OR)

S. 177, Data Security and Breach Notification Act of 2015. Would protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and provide for nationwide notice in the event of a breach of security.

  • Introduced January 13, 2015, by B. Nelson (D-FL)

S. 456, Cyberthreat Sharing Act of 2015. Would codify mechanisms for enabling cybersecurity threat indicator sharing between private and government entities, as well as among private entities, to better protect information systems.

  • Introduced February 11, 2015, by T. Carper (D-DE)

S. 547, Commercial Privacy Bill of Rights Act of 2015. Would establish a regulatory framework for the protection of personal data for individuals under the Federal Trade Commission, and improve provisions relating to collection, use, and disclosure of personal information of children.

  • Introduced February 24, 2015, by R. Menendez (D-NJ)

S. 754, Cybersecurity Information Sharing Act of 2015. Would improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats.

  • Introduced March 17, 2015, by R. Burr (R-NC)
  • Senator Burr from Select Committee on Intelligence filed written report, April 15, 2015. Report No. 114-32.
  • Passed Senate October 27, 2015, by a vote of 74 to 21

S. 961, Data Security Act of 2015. Would protect information relating to consumers and require notice of security breaches.

  • Introduced April 15, 2015, by T. Carper (D-DE)

S. 1027, Data Breach Notification and Punishing Cyber Criminals Act of 2015. Would require notification of information security breaches and enhance penalties for cyber criminals.

  • Introduced April 21, 2015, by M. Kirk (R-IL)

S. 1158, Consumer Privacy Protection Act of 2015. Would ensure the privacy and security of sensitive personal information, mitigate identity theft, and provide notice of security breaches.

  • Introduced April 30, 2015, by P. Leahy (D-VT)

S. 2410, Cybersecurity Disclosure Act of 2015. Would promote transparency in the oversight of cybersecurity risks at publicly traded companies.

  • Introduced December 17, 2015, by J. Reed (D-RI)

S. 2665, State and Local Cyber Protection Act of 2015. Would assist with state and local coordination on cybersecurity with the national cybersecurity and communication integration center.

  • Introduced March 10, 2016, by G.C. Peters (D-MI)

S. 3024, Small Business Cyber Security Improvements Act of 2016. Would improve cybersecurity for small businesses.

  • Introduced June 6, 2016, by D. Vitter (R-LA)
  • Reported (w/o Amendment) June 8, 2016, by the Committee on Small Business and Entrepreneurship