Page:United States Statutes at Large Volume 116 Part 4.djvu/526

116 STAT. 2954 PUBLIC LAW 107-347—DEC. 17, 2002

Intelligence or of National Foreign Intelligence Programs systems under the authority and control of the Secretary of Defense shall be made available to Congress only through the appropriate oversight committees of Congress, in accordance with applicable laws.

Reports.

"(h) COMPTROLLER GENERAL.—The Comptroller General shall periodically evaluate and report to Congress on—

"(1) the adequacy and effectiveness of agency information security policies and practices; and

"(2) implementation of the requirements of this subchapter.

"§ 3546. Federal information security incident center

"(a) IN GENERAL.—The Director shall ensure the operation of a central Federal information security incident center to—

"(1) provide timely technical assistance to operators of agency information systems regarding security incidents, including guidance on detecting and handling information security incidents;

"(2) compile and analyze information about incidents that threaten information security;

"(3) inform operators of agency information systems about current and potential information security threats, and vulnerabilities; and

"(4) consult with the National Institute of Standards and Technology, agencies or offices operating or exercising control of national security systems (including the National Security Agency), and such other agencies or offices in accordance with law and as directed by the President regarding information security incidents and related matters.

"(b) NATIONAL SECURITY SYSTEMS.—Each agency operating or exercising control of a national security system shall share information about information security incidents, threats, and vulnerabilities with the Federal information security incident center to the extent consistent with standards and guidelines for national security systems, issued in accordance with law and as directed by the President.

"§ 3547. National security systems

"The head of each agency operating or exercising control of a national security system shall be responsible for ensuring that the agency—

"(1) provides information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of the information contained in such system;

"(2) implements information security policies and practices as required by standards and guidelines for national security systems, issued in accordance with law and as directed by the President; and

"(3) complies with the requirements of this subchapter.

"§ 3548. Authorization of appropriations

"There are authorized to be appropriated to carry out the provisions of this subchapter such sums as may be necessary for each of fiscal years 2003 through 2007.
