Bill Sponsor
House Bill 2331
116th Congress(2019-2020)
SBA Cyber Awareness Act
Active
Active
Passed House on Jul 15, 2019
Overview
Text
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
H. R. 2331 (Reported-in-House)

Union Calendar No. 83

116th CONGRESS
1st Session
H. R. 2331

[Report No. 116–114]


To require an annual report on the cybersecurity of the Small Business Administration, and for other purposes.


IN THE HOUSE OF REPRESENTATIVES

April 18, 2019

Mr. Crow (for himself, Mr. Balderson, Ms. Velázquez, and Mr. Chabot) introduced the following bill; which was referred to the Committee on Small Business

June 13, 2019

Additional sponsors: Mr. Fitzpatrick, Ms. Houlahan, Mr. Burchett, and Mrs. Craig

June 13, 2019

Committed to the Committee of the Whole House on the State of the Union and ordered to be printed


A BILL

To require an annual report on the cybersecurity of the Small Business Administration, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “SBA Cyber Awareness Act”.

SEC. 2. Cybersecurity awareness reporting.

Section 10 of the Small Business Act (15 U.S.C. 639) is amended by inserting after subsection (a) the following:

“(b) Cybersecurity reports.—

“(1) ANNUAL REPORT.—Not later than 180 days after the date of enactment of this subsection, and every year thereafter, the Administrator shall submit a report to the appropriate congressional committees that includes—

“(A) an assessment of the information technology (as defined in section 11101 of title 40, United States Code) and cybersecurity infrastructure of the Administration;

“(B) a strategy to increase the cy­ber­se­cu­ri­ty infrastructure of the Administration;

“(C) a detailed account of any information technology equipment or interconnected system or subsystem of equipment of the Administration that was manufactured by an entity that has its principal place of business located in the People’s Republic of China; and

“(D) an account of any cybersecurity risk or incident that occurred at the Administration during the 2-year period preceding the date on which the report is submitted, and any action taken by the Administrator to respond to or remediate any such cybersecurity risk or incident.

“(2) ADDITIONAL REPORTS.—If the Administrator determines that there is a reasonable basis to conclude that a cybersecurity risk or incident occurred at the Administration, the Administrator shall—

“(A) not later than 7 days after the date on which the Administrator makes that determination, notify the appropriate congressional committees of the cybersecurity risk or incident; and

“(B) not later than 30 days after the date on which the Administrator makes a determination under subparagraph (A)—

“(i) provide notice to individuals and small business concerns affected by the cybersecurity risk or incident; and

“(ii) submit to the appropriate congressional committees a report, based on information available to the Administrator as of the date which the Administrator submits the report, that includes—

“(I) a summary of information about the cybersecurity risk or incident, including how the cybersecurity risk or incident occurred; and

“(II) an estimate of the number of individuals and small business concerns affected by the cybersecurity risk or incident, including an assessment of the risk of harm to affected individuals and small business concerns.

“(3) RULE OF CONSTRUCTION.—Nothing in this subsection shall be construed to affect the reporting requirements of the Administrator under chapter 35 of title 44, United States Code, in particular the requirement to notify the Federal information security incident center under section 3554(b)(7)(C)(ii) of such title, or any other provision of law.

“(4) DEFINITIONS.—In this subsection:

“(A) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term ‘appropriate congressional committees’ means—

“(i) the Committee on Small Business and Entrepreneurship of the Senate; and

“(ii) the Committee on Small Business of the House of Representatives.

“(B) CYBERSECURITY RISK; INCIDENT.—The terms ‘cybersecurity risk’ and ‘incident’ have the meanings given such terms, respectively, under section 2209(a) of the Homeland Security Act of 2002.”.


Union Calendar No. 83

116th CONGRESS
     1st Session
H. R. 2331
[Report No. 116–114]

A BILL
To require an annual report on the cybersecurity of the Small Business Administration, and for other purposes.

June 13, 2019
Committed to the Committee of the Whole House on the State of the Union and ordered to be printed