Page:United States Statutes at Large Volume 114 Part 3.djvu/316

 114 STAT. 1654A-274 PUBLIC LAW 106-398—APPENDIX (3) work with the National Science Foundation and other agencies on personnel and training initiatives (including scholarships and fellowships, as authorized by law) as necessary to ensure that the Federal Government— (A) has adequate sources of continuing information security education and training available for employees; and (B) has an adequate supply of qualified information security professionals to meet agency needs. (f) INFORMATION SECURITY POLICIES, PRINCIPLES, STANDARDS, AND GUIDELINES. — (1) ADOPTION OF POLICIES, PRINCIPLES, STANDARDS, AND GUIDELINES OF OTHER AGENCIES.— The policies, principles, standards, and guidelines developed under subsection (b) by the Secretary of Defense, the Director of Central Intelligence, and another agency head as designated by the President may be adopted, to the extent that such policies are consistent with policies and guidance developed by the Director of the Office of Management and Budget and the Secretary of Commerce— (A) by the Director of the Office of Management and Budget, as appropriate, for application to the mission critical systems of all agencies; or (B) by an agency head, as appropriate, for application to the mission critical systems of that agency. (2) DEVELOPMENT OF MORE STRINGENT POLICIES, PRIN- CIPLES, STANDARDS, AND GUIDELINES.—To the extent that such policies are consistent with policies and guidance developed by the Director of the Office of Management and Budget and the Secretary of Commerce, an agency may develop and implement information security policies, principles, standards, and guidelines that provide more stringent protection than those required under section 3533 of title 44, United States Code (as added by section 1061 of this Act), or subsection (a) of this section. (g) ATOMIC ENERGY ACT OF 1954. —Nothing in this subtitle (including any amendment made by this subtitle) shall supersede any requirement made by, or under, the Atomic Energy Act of 1954 (42 U.S.C. 2011 et seq.). Restricted Data or Formerly Restricted Data shall be handled, protected, classified, downgraded, and declassified in conformity with the Atomic Energy Act of 1954 (42 U.S.C. 2011 et seq.). SEC. 1063. RELATIONSHIP OF DEFENSE INFORMATION ASSURANCE PROGRAM TO GOVERNMENT-WIDE INFORMATION SECU- RITY PROGRAM. (a) CONSISTENCY OF REQUIREMENTS.— Subsection (b) of section 2224 of title 10, United States Code, is amended— (1) by striking "(b) OBJECTIVES OF THE PROGRAM. —" and inserting "(b) OBJECTIVES AND MINIMUM REQUIREMENTS.—(1)"; and (2) by adding at the end the following: "(2) The program shall at a minimum meet the requirements of sections 3534 and 3535 of title 44.". (b) ADDITION TO ANNUAL REPORT.— Subsection (e) of such section is amended by adding at the end the following new paragraph:

�