Page:United States Statutes at Large Volume 116 Part 3.djvu/680

 116 STAT. 2272 PUBLIC LAW 107-296—NOV. 25, 2002 "(2) to advise the Institute and the Director of the Office of Management and Budget on information security and privacy issues pertaining to Federal Government information systems, including through review of proposed standards and guidelines developed under section 20; and"; (7) in subsection (b)(3) " by inserting "annually" after "report"; (8) by inserting after subsection (e) the following new subsection: "(f) The Board shall hold meetings at such locations and at such time and place as determined by a majority of the Board."; (9) by redesignating subsections (f) and (g) as subsections (g) and (h), respectively; and (10) by striking subsection (h), as redesignated by paragraph (9), and inserting the following: "(h) As used in this section, the terms 'information system' and 'information technology' have the meanings given in section 20.". SEC. 1005. TECHNICAL AND CONFORMING AMENDMENTS. (a) FEDERAL COMPUTER SYSTEM SECURITY TRAINING AND PLAN. — (1) REPEAL. —Section 11332 of title 40, United States Code, is repealed. (2) CLERICAL AMENDMENT.—The table of sections at the beginning of chapter 113 of title 40, United States Code, as amended by striking the item relating to section 11332. (b) FLOYD D. SPENCE NATIONAL DEFENSE AUTHORIZATION ACT FOR FISCAL YEAR 2001. —The Floyd D. Spence National Defense Authorization Act for Fiscal Year 2001 (Public Law 106-398) is amended by striking subtitle G of title X (44 U.S.C. 3531 note). (c) PAPERWORK REDUCTION ACT. —(1) Section 3504(g) of title 44, United States Code, is amended— (A) by adding "and" at the end of paragraph (1); (B) in paragraph (2)— (i) by striking "sections 11331 and 11332(b) and (c) of title 40" and inserting "section 11331 of title 40 and subchapter II of this title"; and (ii) by striking the semicolon and inserting a period; and (C) by striking paragraph (3). (2) Section 3505 of such title is amended by adding at the end the following: "(c) INVENTORY OF INFORMATION SYSTEMS.— (1) The head of each agency shall develop and maintain an inventory of the information systems (including national security systems) operated by or under the control of such agency; "(2) The identification of information systems in an inventory under this subsection shall include an identification of the interfaces between each such system and all other systems or networks, including those not operated by or under the control of the agency; "(3) Such inventory shall be— "(A) updated at least annually; "(B) made available to the Comptroller General; and "(C) used to support information resources management, including—

�