{"identifier":"/us/usc/t6/s650","title":6,"num":"\u00a7\u202f650.","heading":"Definitions","text":"\u00a7\u202f650.\nDefinitions\nExcept as otherwise specifically provided, in this subchapter:\n(1)\nAgency\nThe term \u201cAgency\u201d means the Cybersecurity and Infrastructure Security Agency.\n(2)\nAppropriate congressional committees\nThe term \u201cappropriate congressional committees\u201d means\u2014\n(A) the Committee on Homeland Security and Governmental Affairs of the Senate; and\n(B) the Committee on Homeland Security of the House of Representatives.\n(3)\nCloud service provider\nThe term \u201ccloud service provider\u201d means an entity offering products or services related to cloud computing, as defined by the National Institute of Standards and Technology in NIST Special Publication 800\u2013145 and any amendatory or superseding document relating thereto.\n(4)\nCritical infrastructure information\nThe term \u201ccritical infrastructure information\u201d means information not customarily in the public domain and related to the security of critical infrastructure or protected systems\u2014\n(A) actual, potential, or threatened interference with, attack on, compromise of, or incapacitation of critical infrastructure or protected systems by either physical or computer-based attack or other similar conduct (including the misuse of or unauthorized access to all types of communications and data transmission systems) that violates Federal, State, or local law, harms interstate commerce of the United States, or threatens public health or safety;\n(B) the ability of any critical infrastructure or protected system to resist such interference, compromise, or incapacitation, including any planned or past assessment, projection, or estimate of the vulnerability of critical infrastructure or a protected system, including security testing, risk evaluation thereto, risk management planning, or risk audit; or\n(C) any planned or past operational problem or solution regarding critical infrastructure or protected systems, including repair, recovery, reconstruction, insurance, or continuity, to the extent it is related to such interference, compromise, or incapacitation.\n(5)\nCyber threat indicator\nThe term \u201ccyber threat indicator\u201d means information that is necessary to describe or identify\u2014\n(A) malicious reconnaissance, including anomalous patterns of communications that appear to be transmitted for the purpose of gathering technical information related to a cybersecurity threat or security vulnerability;\n(B) a method of defeating a security control or exploitation of a security vulnerability;\n(C) a security vulnerability, including anomalous activity that appears to indicate the existence of a security vulnerability;\n(D) a method of causing a user with legitimate access to an information system or information that is stored on, processed by, or transiting an information system to unwittingly enable the defeat of a security control or exploitation of a security vulnerability;\n(E) malicious cyber command and control;\n(F) the actual or potential harm caused by an incident, including a description of the information exfiltrated as a result of a particular cybersecurity threat;\n(G) any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law; or\n(H) any combination thereof.\n(6)\nCybersecurity purpose\nThe term \u201ccybersecurity purpose\u201d means the purpose of protecting an information system or information that is stored on, processed by, or transiting an information system from a cybersecurity threat or security vulnerability.\n(7)\nCybersecurity risk\nThe term \u201ccybersecurity risk\u201d\u2014\n(A) means threats to and vulnerabilities of information or information systems and any related consequences caused by or resulting from unauthorized access, use, disclosure, degradation, disruption, modification, or destruction of such information or information systems, including such related consequences caused by an act of terrorism; and\n(B) does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement.\n(8)\nCybersecurity threat\n(A)\nIn general\nExcept as provided in subparagraph (B), the term \u201ccybersecurity threat\u201d means an action, not protected by the First Amendment to the Constitution of the United States, on or through an information system that may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system.\n(B)\nExclusion\nThe term \u201ccybersecurity threat\u201d does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement.\n(9)\nDefensive measure\n(A)\nIn general\nExcept as provided in subparagraph (B), the term \u201cdefensive measure\u201d means an action, device, procedure, signature, technique, or other measure applied to an information system or information that is stored on, processed by, or transiting an information system that detects, prevents, or mitigates a known or suspected cybersecurity threat or security vulnerability.\n(B)\nExclusion\nThe term \u201cdefensive measure\u201d does not include a measure that destroys, renders unusable, provides unauthorized access to, or substantially harms an information system or information stored on, processed by, or transiting such information system not owned by\u2014\n(i) the private entity, as defined in\nsection 1501 of this title\n(ii) another entity or Federal entity that is authorized to provide consent and has provided consent to that private entity for operation of such measure.\n(10)\nDirector\nThe term \u201cDirector\u201d means the Director of the Cybersecurity and Infrastructure Security Agency.\n(11)\nHomeland Security Enterprise\nThe term \u201cHomeland Security Enterprise\u201d means relevant governmental and nongovernmental entities involved in homeland security, including Federal, State, local, and Tribal government officials, private sector representatives, academics, and other policy experts.\n(12)\nIncident\nThe term \u201cincident\u201d means an occurrence that actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information on an information system, or actually or imminently jeopardizes, without lawful authority, an information system.\n(13)\nInformation Sharing and Analysis Organization\nThe term \u201cInformation Sharing and Analysis Organization\u201d means any formal or informal entity or collaboration created or employed by public or private sector organizations, for purposes of\u2014\n(A) gathering and analyzing critical infrastructure information, including information related to cybersecurity risks and incidents, in order to better understand security problems and interdependencies related to critical infrastructure, including cybersecurity risks and incidents, and protected systems, so as to ensure the availability, integrity, and reliability thereof;\n(B) communicating or disclosing critical infrastructure information, including cybersecurity risks and incidents, to help prevent, detect, mitigate, or recover from the effects of an interference, a compromise, or an incapacitation problem related to critical infrastructure, including cybersecurity risks and incidents, or protected systems; and\n(C) voluntarily disseminating critical infrastructure information, including cybersecurity risks and incidents, to its members, State, local, and Federal Governments, or any other entities that may be of assistance in carrying out the purposes specified in subparagraphs (A) and (B).\n(14)\nInformation system\nThe term \u201cinformation system\u201d\u2014\n(A) has the meaning given the term in\nsection 3502 of title 44\n(B) includes industrial control systems, such as supervisory control and data acquisition systems, distributed control systems, and programmable logic controllers.\n(15)\nIntelligence community\nThe term \u201cintelligence community\u201d has the meaning given the term in\nsection 3003(4) of title 50\n(16)\nMalicious cyber command and control\nThe term \u201cmalicious cyber command and control\u201d means a method for unauthorized remote identification of, access to, or use of, an information system or information that is stored on, processed by, or transiting an information system.\n(17)\nMalicious reconnaissance\nThe term \u201cmalicious reconnaissance\u201d\n1\n1 So in original. Probably should be followed by \u201cmeans\u201d.\n(18)\nManaged service provider\nThe term \u201cmanaged service provider\u201d means an entity that delivers services, such as network, application, infrastructure, or security services, via ongoing and regular support and active administration on the premises of a customer, in the data center of the entity (such as hosting), or in a third party data center.\n(19)\nMonitor\nThe term \u201cmonitor\u201d means to acquire, identify, or scan, or to possess, information that is stored on, processed by, or transiting an information system.\n(20)\nNational cybersecurity asset response activities\nThe term \u201cnational cybersecurity asset response activities\u201d means\u2014\n(A) furnishing cybersecurity technical assistance to entities affected by cybersecurity risks to protect assets, mitigate vulnerabilities, and reduce impacts of cyber incidents;\n(B) identifying other entities that may be at risk of an incident and assessing risk to the same or similar vulnerabilities;\n(C) assessing potential cybersecurity risks to a sector or region, including potential cascading effects, and developing courses of action to mitigate such risks;\n(D) facilitating information sharing and operational coordination with threat response; and\n(E) providing guidance on how best to utilize Federal resources and capabilities in a timely, effective manner to speed recovery from cybersecurity risks.\n(21)\nNational security system\nThe term \u201cnational security system\u201d has the meaning given the term in\nsection 11103 of title 40\n(22)\nRansomware attack\nThe term \u201cransomware attack\u201d\u2014\n(A) means an incident that includes the use or threat of use of unauthorized or malicious code on an information system, or the use or threat of use of another digital mechanism such as a denial of service attack, to interrupt or disrupt the operations of an information system or compromise the confidentiality, availability, or integrity of electronic data stored on, processed by, or transiting an information system to extort a demand for a ransom payment; and\n(B) does not include any such event in which the demand for payment is\u2014\n(i) not genuine; or\n(ii) made in good faith by an entity in response to a specific request by the owner or operator of the information system.\n(23)\nSector Risk Management Agency\nThe term \u201cSector Risk Management Agency\u201d means a Federal department or agency, designated by law or Presidential directive, with responsibility for providing institutional knowledge and specialized expertise of a sector, as well as leading, facilitating, or supporting programs and associated activities of its designated critical infrastructure sector in the all hazards environment in coordination with the Department.\n(24)\nSecurity control\nThe term \u201csecurity control\u201d means the management, operational, and technical controls used to protect against an unauthorized effort to adversely affect the confidentiality, integrity, and availability of an information system or its information.\n(25)\nSecurity vulnerability\nThe term \u201csecurity vulnerability\u201d means any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of a security control.\n(26)\nSharing\nThe term \u201csharing\u201d (including all conjugations thereof) means providing, receiving, and disseminating (including all conjugations of each such terms).\n(27)\nSLTT entity\nThe term \u201cSLTT entity\u201d means a domestic government entity that is a State government, local government, Tribal government, territorial government, or any subdivision thereof.\n(28)\nSupply chain compromise\nThe term \u201csupply chain compromise\u201d means an incident within the supply chain of an information system that an adversary can leverage, or does leverage, to jeopardize the confidentiality, integrity, or availability of the information system or the information the system processes, stores, or transmits, and can occur at any point during the life cycle.","url":"https://projectusc.org/usc/t6/s650.html","content":[{"t":"sec","id":"/us/usc/t6/s650","children":[{"t":"num","text":"\u00a7\u202f650."},{"t":"heading","text":"Definitions","tail":"\n"},{"t":"chapeau","text":"Except as otherwise specifically provided, in this subchapter:"},{"t":"para","id":"/us/usc/t6/s650/1","children":[{"t":"num","text":"(1)"},{"t":"heading","text":"Agency"},{"t":"content","children":[{"t":"p","text":"The term \u201cAgency\u201d means the Cybersecurity and Infrastructure Security Agency.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/2","children":[{"t":"num","text":"(2)"},{"t":"heading","text":"Appropriate congressional committees"},{"t":"chapeau","text":"The term \u201cappropriate congressional committees\u201d means\u2014"},{"t":"subpara","id":"/us/usc/t6/s650/2/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" the Committee on Homeland Security and Governmental Affairs of the Senate; and","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/2/B","children":[{"t":"num","text":"(B)"},{"t":"content","text":" the Committee on Homeland Security of the House of Representatives.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/3","children":[{"t":"num","text":"(3)"},{"t":"heading","text":"Cloud service provider"},{"t":"content","children":[{"t":"p","text":"The term \u201ccloud service provider\u201d means an entity offering products or services related to cloud computing, as defined by the National Institute of Standards and Technology in NIST Special Publication 800\u2013145 and any amendatory or superseding document relating thereto.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/4","children":[{"t":"num","text":"(4)"},{"t":"heading","text":"Critical infrastructure information"},{"t":"chapeau","text":"The term \u201ccritical infrastructure information\u201d means information not customarily in the public domain and related to the security of critical infrastructure or protected systems\u2014"},{"t":"subpara","id":"/us/usc/t6/s650/4/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" actual, potential, or threatened interference with, attack on, compromise of, or incapacitation of critical infrastructure or protected systems by either physical or computer-based attack or other similar conduct (including the misuse of or unauthorized access to all types of communications and data transmission systems) that violates Federal, State, or local law, harms interstate commerce of the United States, or threatens public health or safety;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/4/B","children":[{"t":"num","text":"(B)"},{"t":"content","text":" the ability of any critical infrastructure or protected system to resist such interference, compromise, or incapacitation, including any planned or past assessment, projection, or estimate of the vulnerability of critical infrastructure or a protected system, including security testing, risk evaluation thereto, risk management planning, or risk audit; or","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/4/C","children":[{"t":"num","text":"(C)"},{"t":"content","text":" any planned or past operational problem or solution regarding critical infrastructure or protected systems, including repair, recovery, reconstruction, insurance, or continuity, to the extent it is related to such interference, compromise, or incapacitation.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/5","children":[{"t":"num","text":"(5)"},{"t":"heading","text":"Cyber threat indicator"},{"t":"chapeau","text":"The term \u201ccyber threat indicator\u201d means information that is necessary to describe or identify\u2014"},{"t":"subpara","id":"/us/usc/t6/s650/5/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" malicious reconnaissance, including anomalous patterns of communications that appear to be transmitted for the purpose of gathering technical information related to a cybersecurity threat or security vulnerability;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/5/B","children":[{"t":"num","text":"(B)"},{"t":"content","text":" a method of defeating a security control or exploitation of a security vulnerability;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/5/C","children":[{"t":"num","text":"(C)"},{"t":"content","text":" a security vulnerability, including anomalous activity that appears to indicate the existence of a security vulnerability;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/5/D","children":[{"t":"num","text":"(D)"},{"t":"content","text":" a method of causing a user with legitimate access to an information system or information that is stored on, processed by, or transiting an information system to unwittingly enable the defeat of a security control or exploitation of a security vulnerability;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/5/E","children":[{"t":"num","text":"(E)"},{"t":"content","text":" malicious cyber command and control;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/5/F","children":[{"t":"num","text":"(F)"},{"t":"content","text":" the actual or potential harm caused by an incident, including a description of the information exfiltrated as a result of a particular cybersecurity threat;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/5/G","children":[{"t":"num","text":"(G)"},{"t":"content","text":" any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law; or","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/5/H","children":[{"t":"num","text":"(H)"},{"t":"content","text":" any combination thereof.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/6","children":[{"t":"num","text":"(6)"},{"t":"heading","text":"Cybersecurity purpose"},{"t":"content","children":[{"t":"p","text":"The term \u201ccybersecurity purpose\u201d means the purpose of protecting an information system or information that is stored on, processed by, or transiting an information system from a cybersecurity threat or security vulnerability.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/7","children":[{"t":"num","text":"(7)"},{"t":"heading","text":"Cybersecurity risk"},{"t":"chapeau","text":"The term \u201ccybersecurity risk\u201d\u2014"},{"t":"subpara","id":"/us/usc/t6/s650/7/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" means threats to and vulnerabilities of information or information systems and any related consequences caused by or resulting from unauthorized access, use, disclosure, degradation, disruption, modification, or destruction of such information or information systems, including such related consequences caused by an act of terrorism; and","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/7/B","children":[{"t":"num","text":"(B)"},{"t":"content","text":" does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/8","children":[{"t":"num","text":"(8)"},{"t":"heading","text":"Cybersecurity threat"},{"t":"subpara","id":"/us/usc/t6/s650/8/A","children":[{"t":"num","text":"(A)"},{"t":"heading","text":"In general"},{"t":"content","children":[{"t":"p","text":"Except as provided in subparagraph (B), the term \u201ccybersecurity threat\u201d means an action, not protected by the First Amendment to the Constitution of the United States, on or through an information system that may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/8/B","children":[{"t":"num","text":"(B)"},{"t":"heading","text":"Exclusion"},{"t":"content","children":[{"t":"p","text":"The term \u201ccybersecurity threat\u201d does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement.","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/9","children":[{"t":"num","text":"(9)"},{"t":"heading","text":"Defensive measure"},{"t":"subpara","id":"/us/usc/t6/s650/9/A","children":[{"t":"num","text":"(A)"},{"t":"heading","text":"In general"},{"t":"content","children":[{"t":"p","text":"Except as provided in subparagraph (B), the term \u201cdefensive measure\u201d means an action, device, procedure, signature, technique, or other measure applied to an information system or information that is stored on, processed by, or transiting an information system that detects, prevents, or mitigates a known or suspected cybersecurity threat or security vulnerability.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/9/B","children":[{"t":"num","text":"(B)"},{"t":"heading","text":"Exclusion"},{"t":"chapeau","text":"The term \u201cdefensive measure\u201d does not include a measure that destroys, renders unusable, provides unauthorized access to, or substantially harms an information system or information stored on, processed by, or transiting such information system not owned by\u2014"},{"t":"clause","id":"/us/usc/t6/s650/9/B/i","children":[{"t":"num","text":"(i)"},{"t":"content","text":" the private entity, as defined in ","children":[{"t":"ref","text":"section 1501 of this title","href":"/us/usc/t6/s1501","tail":", operating the measure; or"}],"tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t6/s650/9/B/ii","children":[{"t":"num","text":"(ii)"},{"t":"content","text":" another entity or Federal entity that is authorized to provide consent and has provided consent to that private entity for operation of such measure.","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/10","children":[{"t":"num","text":"(10)"},{"t":"heading","text":"Director"},{"t":"content","children":[{"t":"p","text":"The term \u201cDirector\u201d means the Director of the Cybersecurity and Infrastructure Security Agency.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/11","children":[{"t":"num","text":"(11)"},{"t":"heading","text":"Homeland Security Enterprise"},{"t":"content","children":[{"t":"p","text":"The term \u201cHomeland Security Enterprise\u201d means relevant governmental and nongovernmental entities involved in homeland security, including Federal, State, local, and Tribal government officials, private sector representatives, academics, and other policy experts.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/12","children":[{"t":"num","text":"(12)"},{"t":"heading","text":"Incident"},{"t":"content","children":[{"t":"p","text":"The term \u201cincident\u201d means an occurrence that actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information on an information system, or actually or imminently jeopardizes, without lawful authority, an information system.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/13","children":[{"t":"num","text":"(13)"},{"t":"heading","text":"Information Sharing and Analysis Organization"},{"t":"chapeau","text":"The term \u201cInformation Sharing and Analysis Organization\u201d means any formal or informal entity or collaboration created or employed by public or private sector organizations, for purposes of\u2014"},{"t":"subpara","id":"/us/usc/t6/s650/13/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" gathering and analyzing critical infrastructure information, including information related to cybersecurity risks and incidents, in order to better understand security problems and interdependencies related to critical infrastructure, including cybersecurity risks and incidents, and protected systems, so as to ensure the availability, integrity, and reliability thereof;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/13/B","children":[{"t":"num","text":"(B)"},{"t":"content","text":" communicating or disclosing critical infrastructure information, including cybersecurity risks and incidents, to help prevent, detect, mitigate, or recover from the effects of an interference, a compromise, or an incapacitation problem related to critical infrastructure, including cybersecurity risks and incidents, or protected systems; and","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/13/C","children":[{"t":"num","text":"(C)"},{"t":"content","text":" voluntarily disseminating critical infrastructure information, including cybersecurity risks and incidents, to its members, State, local, and Federal Governments, or any other entities that may be of assistance in carrying out the purposes specified in subparagraphs (A) and (B).","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/14","children":[{"t":"num","text":"(14)"},{"t":"heading","text":"Information system"},{"t":"chapeau","text":"The term \u201cinformation system\u201d\u2014"},{"t":"subpara","id":"/us/usc/t6/s650/14/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" has the meaning given the term in ","children":[{"t":"ref","text":"section 3502 of title 44","href":"/us/usc/t44/s3502","tail":"; and"}],"tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/14/B","children":[{"t":"num","text":"(B)"},{"t":"content","text":" includes industrial control systems, such as supervisory control and data acquisition systems, distributed control systems, and programmable logic controllers.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/15","children":[{"t":"num","text":"(15)"},{"t":"heading","text":"Intelligence community"},{"t":"content","children":[{"t":"p","text":"The term \u201cintelligence community\u201d has the meaning given the term in ","children":[{"t":"ref","text":"section 3003(4) of title 50","href":"/us/usc/t50/s3003/4","tail":"."}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/16","children":[{"t":"num","text":"(16)"},{"t":"heading","text":"Malicious cyber command and control"},{"t":"content","children":[{"t":"p","text":"The term \u201cmalicious cyber command and control\u201d means a method for unauthorized remote identification of, access to, or use of, an information system or information that is stored on, processed by, or transiting an information system.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/17","children":[{"t":"num","text":"(17)"},{"t":"heading","text":"Malicious reconnaissance"},{"t":"content","children":[{"t":"p","text":"The term \u201cmalicious reconnaissance\u201d\u202f","children":[{"t":"ref","text":"1"},{"t":"num","text":"1","tail":"\u202fSo in original. Probably should be followed by \u201cmeans\u201d."},{"t":"text","text":"\u202fSo in original. Probably should be followed by \u201cmeans\u201d.","tail":" a method for actively probing or passively monitoring an information system for the purpose of discerning security vulnerabilities of the information system, if such method is associated with a known or suspected cybersecurity threat."}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/18","children":[{"t":"num","text":"(18)"},{"t":"heading","text":"Managed service provider"},{"t":"content","children":[{"t":"p","text":"The term \u201cmanaged service provider\u201d means an entity that delivers services, such as network, application, infrastructure, or security services, via ongoing and regular support and active administration on the premises of a customer, in the data center of the entity (such as hosting), or in a third party data center.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/19","children":[{"t":"num","text":"(19)"},{"t":"heading","text":"Monitor"},{"t":"content","children":[{"t":"p","text":"The term \u201cmonitor\u201d means to acquire, identify, or scan, or to possess, information that is stored on, processed by, or transiting an information system.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/20","children":[{"t":"num","text":"(20)"},{"t":"heading","text":"National cybersecurity asset response activities"},{"t":"chapeau","text":"The term \u201cnational cybersecurity asset response activities\u201d means\u2014"},{"t":"subpara","id":"/us/usc/t6/s650/20/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" furnishing cybersecurity technical assistance to entities affected by cybersecurity risks to protect assets, mitigate vulnerabilities, and reduce impacts of cyber incidents;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/20/B","children":[{"t":"num","text":"(B)"},{"t":"content","text":" identifying other entities that may be at risk of an incident and assessing risk to the same or similar vulnerabilities;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/20/C","children":[{"t":"num","text":"(C)"},{"t":"content","text":" assessing potential cybersecurity risks to a sector or region, including potential cascading effects, and developing courses of action to mitigate such risks;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/20/D","children":[{"t":"num","text":"(D)"},{"t":"content","text":" facilitating information sharing and operational coordination with threat response; and","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/20/E","children":[{"t":"num","text":"(E)"},{"t":"content","text":" providing guidance on how best to utilize Federal resources and capabilities in a timely, effective manner to speed recovery from cybersecurity risks.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/21","children":[{"t":"num","text":"(21)"},{"t":"heading","text":"National security system"},{"t":"content","children":[{"t":"p","text":"The term \u201cnational security system\u201d has the meaning given the term in ","children":[{"t":"ref","text":"section 11103 of title 40","href":"/us/usc/t40/s11103","tail":"."}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/22","children":[{"t":"num","text":"(22)"},{"t":"heading","text":"Ransomware attack"},{"t":"chapeau","text":"The term \u201cransomware attack\u201d\u2014"},{"t":"subpara","id":"/us/usc/t6/s650/22/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" means an incident that includes the use or threat of use of unauthorized or malicious code on an information system, or the use or threat of use of another digital mechanism such as a denial of service attack, to interrupt or disrupt the operations of an information system or compromise the confidentiality, availability, or integrity of electronic data stored on, processed by, or transiting an information system to extort a demand for a ransom payment; and","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s650/22/B","children":[{"t":"num","text":"(B)"},{"t":"chapeau","text":" does not include any such event in which the demand for payment is\u2014"},{"t":"clause","id":"/us/usc/t6/s650/22/B/i","children":[{"t":"num","text":"(i)"},{"t":"content","text":" not genuine; or","tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t6/s650/22/B/ii","children":[{"t":"num","text":"(ii)"},{"t":"content","text":" made in good faith by an entity in response to a specific request by the owner or operator of the information system.","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/23","children":[{"t":"num","text":"(23)"},{"t":"heading","text":"Sector Risk Management Agency"},{"t":"content","children":[{"t":"p","text":"The term \u201cSector Risk Management Agency\u201d means a Federal department or agency, designated by law or Presidential directive, with responsibility for providing institutional knowledge and specialized expertise of a sector, as well as leading, facilitating, or supporting programs and associated activities of its designated critical infrastructure sector in the all hazards environment in coordination with the Department.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/24","children":[{"t":"num","text":"(24)"},{"t":"heading","text":"Security control"},{"t":"content","children":[{"t":"p","text":"The term \u201csecurity control\u201d means the management, operational, and technical controls used to protect against an unauthorized effort to adversely affect the confidentiality, integrity, and availability of an information system or its information.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/25","children":[{"t":"num","text":"(25)"},{"t":"heading","text":"Security vulnerability"},{"t":"content","children":[{"t":"p","text":"The term \u201csecurity vulnerability\u201d means any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of a security control.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/26","children":[{"t":"num","text":"(26)"},{"t":"heading","text":"Sharing"},{"t":"content","children":[{"t":"p","text":"The term \u201csharing\u201d (including all conjugations thereof) means providing, receiving, and disseminating (including all conjugations of each such terms).","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/27","children":[{"t":"num","text":"(27)"},{"t":"heading","text":"SLTT entity"},{"t":"content","children":[{"t":"p","text":"The term \u201cSLTT entity\u201d means a domestic government entity that is a State government, local government, Tribal government, territorial government, or any subdivision thereof.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s650/28","children":[{"t":"num","text":"(28)"},{"t":"heading","text":"Supply chain compromise"},{"t":"content","children":[{"t":"p","text":"The term \u201csupply chain compromise\u201d means an incident within the supply chain of an information system that an adversary can leverage, or does leverage, to jeopardize the confidentiality, integrity, or availability of the information system or the information the system processes, stores, or transmits, and can occur at any point during the life cycle.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"text","text":"\n"},{"t":"text","text":"\n"}]}]}