FEDERAL · 6 U.S.C. · Chapter SUBCHAPTER II—FEDERAL CYBERSECURITY ENHANCEMENT
Inventory of cryptographic systems; migration to post-quantum cryptography
6 U.S.C. § 1526
Title6 — Domestic Security
ChapterSUBCHAPTER II—FEDERAL CYBERSECURITY ENHANCEMENT
This text of 6 U.S.C. § 1526 (Inventory of cryptographic systems; migration to post-quantum cryptography) is published on Counsel Stack Legal Research, covering United States primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.
Bluebook
6 U.S.C. § 1526.
Text
(a)Inventory
Not later than 180 days after December 21, 2022, the Director of OMB, in coordination with the National Cyber Director and in consultation with the Director of CISA, shall issue guidance on the migration of information technology to post-quantum cryptography, which shall include at a minimum—
(A)a requirement for each agency to establish and maintain a current inventory of information technology in use by the agency that is vulnerable to decryption by quantum computers, prioritized using the criteria described in subparagraph (B);
(B)criteria to allow agencies to prioritize their inventory efforts; and
(C)a description of the information required to be reported pursuant to subsection (b).
In the guidance established by paragraph (1), the Director of OMB shall include, in a
Free access — add to your briefcase to read the full text and ask questions with AI
Related
§ 3553
6 U.S.C. § 3553
Source Credit
History
(Pub. L. 117–260, §4, Dec. 21, 2022, 136 Stat. 2390.)
Editorial Notes
Editorial Notes
Codification
Section was enacted as part of the Quantum Computing Cybersecurity Preparedness Act, and not as part of the Cybersecurity Act of 2015 which comprises this chapter.
Statutory Notes and Related Subsidiaries
Change of Name
Committee on Oversight and Reform of House of Representatives changed to Committee on Oversight and Accountability of House of Representatives by House Resolution No. 5, One Hundred Eighteenth Congress, Jan. 9, 2023.
Findings; Sense of Congress
Pub. L. 117–260, §2, Dec. 21, 2022, 136 Stat. 2389, provided that:
"(a) Findings.—Congress finds the following:
"(1) Cryptography is essential for the national security of the United States and the functioning of the economy of the United States.
"(2) The most widespread encryption protocols today rely on computational limits of classical computers to provide cybersecurity.
"(3) Quantum computers might one day have the ability to push computational boundaries, allowing us to solve problems that have been intractable thus far, such as integer factorization, which is important for encryption.
"(4) The rapid progress of quantum computing suggests the potential for adversaries of the United States to steal sensitive encrypted data today using classical computers, and wait until sufficiently powerful quantum systems are available to decrypt it.
"(b) Sense of Congress.—It is the sense of Congress that—
"(1) a strategy for the migration of information technology of the Federal Government to post-quantum cryptography is needed; and
"(2) the governmentwide and industrywide approach to post-quantum cryptography should prioritize developing applications, hardware intellectual property, and software that can be easily updated to support cryptographic agility."
Exemption of National Security Systems
Pub. L. 117–260, §5, Dec. 21, 2022, 136 Stat. 2392, provided that: "This Act [see Short Title of 2022 Amendment note set out under section 1500 of this title] shall not apply to any national security system."
Definitions
Pub. L. 117–260, §3, Dec. 21, 2022, 136 Stat. 2389, provided that: "In this Act [see Short Title of 2022 Amendment note set out under section 1500 of this title]:
"(1) Agency .—The term 'agency'—
"(A) means any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency; and
"(B) does not include—
"(i) the Government Accountability Office; or
"(ii) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions.
"(2) Classical computer.—The term 'classical computer' means a device that accepts digital data and manipulates the information based on a program or sequence of instructions for how data is to be processed and encodes information in binary bits that can either be 0s or 1s.
"(3) Director of cisa.—The term 'Director of CISA' means the Director of the Cybersecurity and Infrastructure Security Agency.
"(4) Director of nist.—The term 'Director of NIST' means the Director of the National Institute of Standards and Technology.
"(5) Director of omb.—The term 'Director of OMB' means the Director of the Office of Management and Budget.
"(6) Information technology.—The term 'information technology' has the meaning given the term in section 3502 of title 44, United States Code.
"(7) National security system.—The term 'national security system' has the meaning given the term in section 3552 of title 44, United States Code.
"(8) Post-quantum cryptography.—The term 'post-quantum cryptography' means those cryptographic algorithms or methods that are assessed not to be specifically vulnerable to attack by either a quantum computer or classical computer.
"(9) Quantum computer.—The term 'quantum computer' means a computer that uses the collective properties of quantum states, such as superposition, interference, and entanglement, to perform calculations."
Codification
Section was enacted as part of the Quantum Computing Cybersecurity Preparedness Act, and not as part of the Cybersecurity Act of 2015 which comprises this chapter.
Statutory Notes and Related Subsidiaries
Change of Name
Committee on Oversight and Reform of House of Representatives changed to Committee on Oversight and Accountability of House of Representatives by House Resolution No. 5, One Hundred Eighteenth Congress, Jan. 9, 2023.
Findings; Sense of Congress
Pub. L. 117–260, §2, Dec. 21, 2022, 136 Stat. 2389, provided that:
"(a) Findings.—Congress finds the following:
"(1) Cryptography is essential for the national security of the United States and the functioning of the economy of the United States.
"(2) The most widespread encryption protocols today rely on computational limits of classical computers to provide cybersecurity.
"(3) Quantum computers might one day have the ability to push computational boundaries, allowing us to solve problems that have been intractable thus far, such as integer factorization, which is important for encryption.
"(4) The rapid progress of quantum computing suggests the potential for adversaries of the United States to steal sensitive encrypted data today using classical computers, and wait until sufficiently powerful quantum systems are available to decrypt it.
"(b) Sense of Congress.—It is the sense of Congress that—
"(1) a strategy for the migration of information technology of the Federal Government to post-quantum cryptography is needed; and
"(2) the governmentwide and industrywide approach to post-quantum cryptography should prioritize developing applications, hardware intellectual property, and software that can be easily updated to support cryptographic agility."
Exemption of National Security Systems
Pub. L. 117–260, §5, Dec. 21, 2022, 136 Stat. 2392, provided that: "This Act [see Short Title of 2022 Amendment note set out under section 1500 of this title] shall not apply to any national security system."
Definitions
Pub. L. 117–260, §3, Dec. 21, 2022, 136 Stat. 2389, provided that: "In this Act [see Short Title of 2022 Amendment note set out under section 1500 of this title]:
"(1) Agency .—The term 'agency'—
"(A) means any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency; and
"(B) does not include—
"(i) the Government Accountability Office; or
"(ii) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions.
"(2) Classical computer.—The term 'classical computer' means a device that accepts digital data and manipulates the information based on a program or sequence of instructions for how data is to be processed and encodes information in binary bits that can either be 0s or 1s.
"(3) Director of cisa.—The term 'Director of CISA' means the Director of the Cybersecurity and Infrastructure Security Agency.
"(4) Director of nist.—The term 'Director of NIST' means the Director of the National Institute of Standards and Technology.
"(5) Director of omb.—The term 'Director of OMB' means the Director of the Office of Management and Budget.
"(6) Information technology.—The term 'information technology' has the meaning given the term in section 3502 of title 44, United States Code.
"(7) National security system.—The term 'national security system' has the meaning given the term in section 3552 of title 44, United States Code.
"(8) Post-quantum cryptography.—The term 'post-quantum cryptography' means those cryptographic algorithms or methods that are assessed not to be specifically vulnerable to attack by either a quantum computer or classical computer.
"(9) Quantum computer.—The term 'quantum computer' means a computer that uses the collective properties of quantum states, such as superposition, interference, and entanglement, to perform calculations."
Cite This Page — Counsel Stack
Bluebook (online)
6 U.S.C. § 1526, Counsel Stack Legal Research, https://law.counselstack.com/usc/6/1526.