47 USC 1607: NTIA program for preventing future vulnerabilities
Result 1 of 1
   
 
47 USC 1607: NTIA program for preventing future vulnerabilities Text contains those laws in effect on November 22, 2024
From Title 47-TELECOMMUNICATIONSCHAPTER 15-SECURE AND TRUSTED COMMUNICATIONS NETWORKS
Jump To: Source Credit

§1607. NTIA program for preventing future vulnerabilities

(a) Future vulnerability program

(1) Establishment

Not later than 120 days after March 12, 2020, including an opportunity for notice and comment, the Assistant Secretary, in cooperation with the Director of National Intelligence, the Director of the Federal Bureau of Investigation, the Secretary of Homeland Security, and the Commission, shall establish a program to share information regarding supply chain security risks with trusted providers of advanced communications service and trusted suppliers of communications equipment or services.

(2) Activities

In carrying out the program established under paragraph (1), the Assistant Secretary shall-

(A) conduct regular briefings and other events to share information with trusted providers of advanced communications service and trusted suppliers of communications equipment or services;

(B) engage with trusted providers of advanced communications service and trusted suppliers of communications equipment or services, in particular such providers and suppliers that-

(i) are small businesses; or

(ii) primarily serve rural areas;


(C) not later than 180 days after March 12, 2020, submit to the Committee on Energy and Commerce of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a plan for-

(i) declassifying material, when feasible, to help share information regarding supply chain security risks with trusted providers of advanced communications service and trusted suppliers of communications equipment or services; and

(ii) expediting and expanding the provision of security clearances to facilitate information sharing regarding supply chain security risks with trusted providers of advanced communications service and trusted suppliers of communications equipment or services; and


(D) ensure that the activities carried out through the program are consistent with and, to the extent practicable, integrated with, ongoing activities of the Department of Homeland Security and the Department of Commerce.

(3) Scope of program

The program established under paragraph (1) shall involve only the sharing of information regarding supply chain security risks by the Federal Government to trusted providers of advanced communications service and trusted suppliers of communications equipment or services, and not the sharing of such information by such providers and suppliers to the Federal Government.

(b) Representation on CSRIC of interests of public and consumers

(1) In general

The Commission shall appoint to the Communications Security, Reliability, and Interoperability Council (or any successor thereof), and to each subcommittee, workgroup, or other subdivision of the Council (or any such successor), at least one member to represent the interests of the public and consumers.

(2) Initial appointments

The Commission shall make the initial appointments required by paragraph (1) not later than 180 days after March 12, 2020. Any member so appointed shall be in addition to the members of the Council, or the members of the subdivision of the Council to which the appointment is being made, as the case may be, as of March 12, 2020.

(c) Definitions

In this section:

(1) Assistant Secretary

The term "Assistant Secretary" means the Assistant Secretary of Commerce for Communications and Information.

(2) Foreign adversary

The term "foreign adversary" means any foreign government or foreign nongovernment person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.

(3) Supply chain security risk

The term "supply chain security risk" includes specific risk and vulnerability information related to equipment and software.

(4) Trusted

The term "trusted" means, with respect to a provider of advanced communications service or a supplier of communications equipment or service, that the Assistant Secretary has determined that such provider or supplier is not owned by, controlled by, or subject to the influence of a foreign adversary.

( Pub. L. 116–124, §8, Mar. 12, 2020, 134 Stat. 168 .)