44-U.S.C.-3535
§3535 – Annual Independent Evaluation
Pathway
Title 44 > Chapter 35 > Subchapter II > Section 3535
Details
- Reference: Section 3535
- Legend: §3535 – Annual Independent Evaluation
- USCode Year: 2013
Provision Content
(a)(1) Each year each agency shall have performed an independent evaluation of the information security program and practices of that agency to determine the effectiveness of such program and practices.
(2) Each evaluation by an agency under this section shall include—
(A) testing of the effectiveness of information security policies, procedures, and practices of a representative subset of the agencys information systems;
(B) an assessment (made on the basis of the results of the testing) of compliance with—
(i) the requirements of this subchapter; and
(ii) related information security policies, procedures, standards, and guidelines; and
(C) separate presentations, as appropriate, regarding information security relating to national security systems.
(b) Subject to subsection (c)—
(1) for each agency with an Inspector General appointed under the Inspector General Act of 1978 or any other law, the annual evaluation required by this section shall be performed by the Inspector General or by an independent external auditor, as determined by the Inspector General of the agency; and
(2) for each agency to which paragraph (1) does not apply, the head of the agency shall engage an independent external auditor to perform the evaluation.
(c) For each agency operating or exercising control of a national security system, that portion of the evaluation required by this section directly relating to a national security system shall be performed—
(1) only by an entity designated by the agency head; and
(2) in such a manner as to ensure appropriate protection for information associated with any information security vulnerability in such system commensurate with the risk and in accordance with all applicable laws.
(d) The evaluation required by this section—
(1) shall be performed in accordance with generally accepted government auditing standards; and
(2) may be based in whole or in part on an audit, evaluation, or report relating to programs or practices of the applicable agency.
(e) Each year, not later than such date established by the Director, the head of each agency shall submit to the Director the results of the evaluation required under this section.
(f) Agencies and evaluators shall take appropriate steps to ensure the protection of information which, if disclosed, may adversely affect information security. Such protections shall be commensurate with the risk and comply with all applicable laws and regulations.
(g)(1) The Director shall summarize the results of the evaluations conducted under this section in the report to Congress required under section 3533(a)(8).
(2) The Directors report to Congress under this subsection shall summarize information regarding information security relating to national security systems in such a manner as to ensure appropriate protection for information associated with any information security vulnerability in such system commensurate with the risk and in accordance with all applicable laws.
(3) Evaluations and any other descriptions of information systems under the authority and control of the Director of Central Intelligence or of National Foreign Intelligence Programs systems under the authority and control of the Secretary of Defense shall be made available to Congress only through the appropriate oversight committees of Congress, in accordance with applicable laws.
(h) The Comptroller General shall periodically evaluate and report to Congress on—
(1) the adequacy and effectiveness of agency information security policies and practices; and
(2) implementation of the requirements of this subchapter.
(Added Pub. L. 107–296, title X, §1001(b)(1), Nov. 25, 2002, 116 Stat. 2265; amended Pub. L. 108–177, title III, §377(e), Dec. 13, 2003, 117 Stat. 2631.)
Applicability of Section
This section not to apply while subchapter III of this chapter is in effect, see section 3549 of this title.
References in Text
The Inspector General Act of 1978, referred to in subsec. (b)(1), is Pub. L. 95–452, Oct. 12, 1978, 92 Stat. 1101, as amended, which is set out in the Appendix to Title 5, Government Organization and Employees.
Prior Provisions
A prior section 3535, added Pub. L. 106–398, §1 [[div. A], title X, §1061], Oct. 30, 2000, 114 Stat. 1654, 1654A–271, related to annual independent evaluation prior to the general amendment of this subchapter by Pub. L. 107–296.
Amendments
2003—Subsec. (b)(1). Pub. L. 108–177 inserted or any other law after 1978.
Change of Name
Reference to the Director of Central Intelligence or the Director of the Central Intelligence Agency in the Directors capacity as the head of the intelligence community deemed to be a reference to the Director of National Intelligence. Reference to the Director of Central Intelligence or the Director of the Central Intelligence Agency in the Directors capacity as the head of the Central Intelligence Agency deemed to be a reference to the Director of the Central Intelligence Agency. See section 1081(a), (b) of Pub. L. 108–458, set out as a note under section 3001 of Title 50, War and National Defense.
U.S. Encyclopedia of Law Coverage
44-U.S.C.-3519 in the Legal Encyclopedia: Public Documents
In this entry about 44-U.S.C.-3519, find legal reference material, bibliographies and premiere content related to public documents in the American Encyclopedia of Law, presenting a comprehensive view of the United States public documents-specific issues, written by authorities in the field.
Subchapter II – Information Security in the Legal Encyclopedia: Policy
In this entry about Subchapter II – Information Security, find legal reference material, bibliographies and premiere content related to policy in the American Encyclopedia of Law, presenting a comprehensive view of the United States policy-specific issues, written by authorities in the field.
44-U.S.C.-3515 in the Legal Encyclopedia: Federal Information
In this entry about 44-U.S.C.-3515, find legal reference material, bibliographies and premiere content related to federal information in the American Encyclopedia of Law, presenting a comprehensive view of the United States federal information-specific issues, written by authorities in the field.
Leave a Reply