Page:United States Statutes at Large Volume 124.djvu/2716

 124 STAT. 2690 PUBLIC LAW 111–259—OCT. 7, 2010 (b) PROGRAM REPORTS.— (1) REQUIREMENT FOR REPORTS.—The head of a department or agency of the United States with responsibility for a cybersecurity program for which a notification was submitted under subsection (a), in consultation with the inspector general for that department or agency, shall submit to Congress and the President a report on such cybersecurity program that includes— (A) the results of any audit or review of the cybersecurity program carried out under the plan referred to in subsection (a)(2)(E), if any; and (B) an assessment of whether the implementation of the cybersecurity program— (i) is in compliance with— (I) the legal basis referred to in subsection (a)(2)(A); and (II) an assessment referred to in subsection (a)(2)(D), if any; (ii) is adequately described by the concept of oper- ation referred to in subsection (a)(2)(C); and (iii) includes an adequate independent audit or review system and whether improvements to such inde- pendent audit or review system are necessary. (2) SCHEDULE FOR SUBMISSION OF REPORTS.— (A) EXISTING PROGRAMS.—Not later than 180 days after the date of the enactment of this Act, and annually there- after, the head of a department or agency of the United States with responsibility for a cybersecurity program for which a notification is required to be submitted under subsection (a)(1)(A) shall submit a report required under paragraph (1). (B) NEW PROGRAMS.—Not later than 120 days after the date on which a certification is submitted under sub- section (a)(1)(B), and annually thereafter, the head of a department or agency of the United States with responsi- bility for the cybersecurity program for which such certifi- cation is submitted shall submit a report required under paragraph (1). (3) COOPERATION AND COORDINATION.— (A) COOPERATION.—The head of each department or agency of the United States required to submit a report under paragraph (1) for a particular cybersecurity program, and the inspector general of each such department or agency, shall, to the extent practicable, work in conjunction with any other such head or inspector general required to submit such a report for such cybersecurity program. (B) COORDINATION.—The heads of all of the depart- ments and agencies of the United States required to submit a report under paragraph (1) for a particular cybersecurity program shall designate one such head to coordinate the conduct of the reports on such program. (c) INFORMATION SHARING REPORT.—Not later than one year after the date of the enactment of this Act, the Inspector General of the Department of Homeland Security and the Inspector General of the Intelligence Community shall jointly submit to Congress and the President a report on the status of the sharing of cyber- threat information, including— Deadline.