Bill > S3600

This bill: Modernizes the Federal Information Security Modernization Act (FISMA) to improve federal cybersecurity, including by requiring ongoing agency risk assessments, implementing zero trust architecture, establishing a federal penetration testing policy, codifying vulnerability disclosure programs, and creating a risk-based budget model for cybersecurity spending. Establishes new cyber incident reporting requirements for critical infrastructure entities, requiring them to report covered cyber incidents and ransom payments to the Cybersecurity and Infrastructure Security Agency, with protections for shared information. It also creates a Joint Ransomware Task Force to coordinate federal efforts against ransomware attacks. Codifies the Federal Risk and Authorization Management Program (FedRAMP) to streamline the authorization of secure cloud computing products and services for use by federal agencies, reducing costs and burdens on both agencies and cloud providers. The bill aims to enhance federal cybersecurity, improve transparency and coordination around cyber incidents, and facilitate secure cloud adoption across the government to support IT modernization and reduce legacy technology.

https://www.congress.gov/bill/117th-congress/senate-bill/3600/all-info