Page:United States Statutes at Large Volume 116 Part 4.djvu/531

 PUBLIC LAW 107-347—DEC. 17, 2002 116 STAT. 2959 "(2) provide technical assistance to agencies, upon request, regarding— "(A) compliance with the standards and guidelines developed under subsection (a); "(B) detecting and handling information security incidents; and "(C) information security policies, procedures, and practices; "(3) conduct research, as needed, to determine the nature and extent of information security vulnerabilities and techniques for providing cost-effective information security; "(4) develop and periodically revise performance indicators and measures for agency information security policies and practices; "(5) evaluate private sector information security policies and practices and commercially available information technologies to assess potential application by agencies to strengthen information security; "(6) assist the private sector, upon request, in using and applying the results of activities under this section; "(7) evaluate security policies and practices developed for national security systems to assess potential application by agencies to strengthen information security; "(8) periodically assess the effectiveness of standards and guidelines developed under this section and undertake revisions as appropriate; "(9) solicit and consider the recommendations of the Information Security and Privacy Advisory Board, established by section 21, regarding standards and guidelines developed under subsection (a) and submit such recommendations to the Secretary of Commerce with such standards submitted to the Secretary; and "(10) prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this section. "(e) DEFINITIONS. —As used in this section— "(1) the term 'agency' has the same meaning as provided in section 3502(1) of title 44, United States Code; "(2) the term 'information security' has the same meaning as provided in section 3542(b)(1) of such title; "(3) the term 'information system' has the same meaning as provided in section 3502(8) of such title; "(4) the term 'information technology' has the SEime meaning as provided in section 11101 of title 40, United States Code; and "(5) the term 'national security system' has the same meaning as provided in section 3542(b)(2) of title 44, United States Code. "(f) AUTHORIZATION OF APPROPRIATIONS.—There are authorized to be appropriated to the Secretary of Commerce $20,000,000 for each of fiscal years 2003, 2004, 2005, 2006, and 2007 to enable the National Institute of Standards and Technology to carry out the provisions of this section.". SEC. 304. INFORMATION SECURITY AND PRIVACY ADVISORY BOARD. Section 21 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-4), is amended—

�