H.R.5983 - Homeland Security Network Defense and Accountability Act of 2008
110th Congress (2007-2008)
Summary: H.R.5983 — 110th Congress (2007-2008)
Passed House amended (07/30/2008)
Homeland Security Network Defense and Accountability Act of 2008 - Amends the Homeland Security Act of 2002 to direct the Secretary of the Department of Homeland Security (DHS) to delegate to the Department's Chief Information Officer (CIO) authority for the development, approval, implementation, integration, and oversight of DHS policies, procedures, activities, funding, and systems relating to information management and information infrastructure.
Lists CIO qualifications (including at least five years of executive leadership and management experience in information technology and information security) and functions (including establishing an incident response team).
(Sec. 3) Directs the CIO to establish, oversee the deployment of, and regularly update security control testing protocols that ensure that DHS's information infrastructure is effectively protected against known attacks and exploitations of federal and contractor information infrastructure.
(Sec. 4) Requires the Inspector General to conduct performance and programmatic reviews of DHS's information infrastructure to determine the effectiveness of its security policies and controls. Requires programmatic reviews to: (1) determine whether a DHS component is complying with policies, processes, and procedures established by the CIO; and (2) focus on risk assessment, management, and mitigation, with primary regard to the implementation of best practices such as authentication, access control (including remote access), intrusion detection and prevention, and data protection and integrity. Directs the Inspector General to submit a security report on each review that includes prioritized recommendations for improving security controls, including recommendations regarding funding changes and personnel management, to the Secretary, CIO, and head of the DHS component. Requires: (1) the DHS component head and the CIO to jointly submit a corrective action report to the Secretary and the Inspector General; and (2) the Inspector General to submit an annual report to the House and Senate homeland security committees.
(Sec. 5) Defines "information infrastructure" under such Act as systems and assets used in processing, transmitting, receiving, or storing information electronically.
(Sec. 6) Requires the Secretary, before entering into or renewing a covered contract and acting through the CIO, to determine that the contractor has an internal information systems security policy that complies with DHS information security requirements. Sets forth contract requirements regarding security and subcontracting, including requiring the contractor to: (1) provide contracted services on a continuing basis to DHS in the event of an unplanned or disruptive event; (2) deliver timely notice of any internal computer incident that could violate or threaten computer security policies, acceptable use policies, or standard security practices at DHS to the U.S. Computer Emergency Readiness Team and the incident response team; and (3) develop and implement a plan for the award of subcontracts to small business and disadvantaged business concerns.
Directs the Secretary to report to the House Homeland Security Committee and the Senate Homeland Security and Governmental Affairs Committee on: (1) progress in implementing requirements issued by the Office of Management and Budget (OMB) for encryption, authentication, Internet Protocol version 6, and Trusted Internet Connections; (2) a plan to investigate breaches against DHS's information infrastructure for purposes of counterintelligence assessment, attribution, and response; (3) a proposal to increase threat information sharing with contractors and provide specialized damage assessment training to private sector information security professionals; and (4) a process to coordinate DHS's information infrastructure protection activities.
(Sec. 7) Provides that nothing in this Act shall affect the application of the Federal Information Management Security Act of 2002 to DHS.