Bill Sponsor
BILLSPONSOR
Bill Sponsor
Politicians
Bills
Senate Bill 808
117th Congress(2021-2022)
Cybersecurity Disclosure Act of 2021
Introduced
Introduced
Introduced in Senate on Mar 17, 2021
Overview
Text
Introduced in Senate 
Mar 17, 2021
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Introduced in Senate(Mar 17, 2021)
Mar 17, 2021
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Jump To
S. 808 (Introduced-in-Senate)


117th CONGRESS
1st Session
S. 808


To amend the Securities Exchange Act of 1934 to promote transparency in the oversight of cybersecurity risks at publicly traded companies.

IN THE SENATE OF THE UNITED STATES

March 17 (legislative day, March 16), 2021

Mr. Reed (for himself, Ms. Collins, Mr. Warner, Mr. Cramer, Ms. Cortez Masto, and Mr. Wyden) introduced the following bill; which was read twice and referred to the Committee on Banking, Housing, and Urban Affairs

A BILL

To amend the Securities Exchange Act of 1934 to promote transparency in the oversight of cybersecurity risks at publicly traded companies.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Cybersecurity Disclosure Act of 2021”.

SEC. 2. Cybersecurity transparency.

The Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.) is amended by inserting after section 14B (15 U.S.C. 78n–2) the following:

“SEC. 14C. Cybersecurity transparency.

“(a) Definitions.—In this section—

“(1) the term ‘cybersecurity’ means any action, step, or measure to detect, prevent, deter, mitigate, or address any cybersecurity threat or any potential cybersecurity threat;

“(2) the term ‘cybersecurity threat’—

“(A) means an action, not protected by the First Amendment to the Constitution of the United States, on or through an information system that may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system; and

“(B) does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement;

“(3) the term ‘information system’—

“(A) has the meaning given the term in section 3502 of title 44, United States Code; and

“(B) includes industrial control systems, such as supervisory control and data acquisition systems, distributed control systems, and programmable logic controllers;

“(4) the term ‘NIST’ means the National Institute of Standards and Technology; and

“(5) the term ‘reporting company’ means any company that is an issuer—

“(A) the securities of which are registered under section 12; or

“(B) that is required to file reports under section 15(d).

“(b) Requirement To issue rules.—Not later than 360 days after the date of enactment of this section, the Commission shall issue final rules to require each reporting company, in the annual report of the reporting company submitted under section 13 or section 15(d) or in the annual proxy statement of the reporting company submitted under section 14(a)—

“(1) to disclose whether any member of the governing body, such as the board of directors or general partner, of the reporting company has expertise or experience in cybersecurity and in such detail as necessary to fully describe the nature of the expertise or experience; and

“(2) if no member of the governing body of the reporting company has expertise or experience in cybersecurity, to describe what other aspects of the reporting company’s cybersecurity were taken into account by any person, such as an official serving on a nominating committee, that is responsible for identifying and evaluating nominees for membership to the governing body.

“(c) Cybersecurity expertise or experience.—For purposes of subsection (b), the Commission, in consultation with NIST, shall define what constitutes expertise or experience in cybersecurity using commonly defined roles, specialties, knowledge, skills, and abilities, such as those provided in NIST Special Publication 800–181, entitled ‘National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework’, or any successor thereto.”.