42 U.S.C. § 18933 — Software security and authentication

FEDERAL · 42 U.S.C. · Chapter SUBCHAPTER II—NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY FOR THE FUTURE

Software security and authentication

42 U.S.C. § 18933

ChapterSUBCHAPTER II—NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY FOR THE FUTURE

PartA

This text of 42 U.S.C. § 18933 (Software security and authentication) is published on Counsel Stack Legal Research, covering United States primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

42 U.S.C. § 18933.

Text

(a)Vulnerabilities in open source software The Director shall assign severity metrics to identified vulnerabilities with open source software and produce voluntary guidance to assist the entities that maintain open source software repositories to discover and mitigate vulnerabilities.

(b)Artificial intelligence-enabled defenses The Director shall carry out research and testing to improve the effectiveness of artificial intelligence-enabled cybersecurity, including by generating optimized data sets to train artificial intelligence defense systems and evaluating the performance of varying network architectures at strengthening network security.

(c)Authentication of Institute software The Director shall ensure all software released by the Institute is digitally signed and maintained to ena

Free access — add to your briefcase to read the full text and ask questions with AI

(a) Vulnerabilities in open source software
The Director shall assign severity metrics to identified vulnerabilities with open source software and produce voluntary guidance to assist the entities that maintain open source software repositories to discover and mitigate vulnerabilities.
(b) Artificial intelligence-enabled defenses
The Director shall carry out research and testing to improve the effectiveness of artificial intelligence-enabled cybersecurity, including by generating optimized data sets to train artificial intelligence defense systems and evaluating the performance of varying network architectures at strengthening network security.
(c) Authentication of Institute software
The Director shall ensure all software released by the Institute is digitally signed and maintained to enable stakeholders to verify its authenticity and integrity upon installation and execution.
(d) Assistance to Inspectors General
Subject to available funding, the Director shall provide technical assistance to improve the education and training of individual Federal agency Inspectors General and staff who are responsible for the annual independent evaluation they are required to perform of the information security program and practices of Federal agencies under section 3555 of title 44.
(e) Software supply chain security practices
The Director shall, in coordination with industry, academia, and other Federal agencies, as appropriate, develop a set of security outcomes and practices, including security controls, control enhancements, supplemental guidance, or other supporting information to enable software developers and operators to identify, assess, and manage cybersecurity risks over the full lifecycle of software products.
The Director shall conduct outreach and coordination activities to share technical expertise with Federal agencies, relevant industry stakeholders, and standards development organizations, as appropriate, to encourage the voluntary adoption of the software lifecycle security practices by Federal agencies and industry stakeholders.

Source Credit

History

(Pub. L. 117–167, div. B, title II, §10224, Aug. 9, 2022, 136 Stat. 1478.)

Cite This Page — Counsel Stack

Bluebook (online)

42 U.S.C. § 18933, Counsel Stack Legal Research, https://law.counselstack.com/usc/42/18933.

Text

Related

Source Credit

History

Cite This Page — Counsel Stack