{"identifier":"/us/usc/t6/s652a","title":6,"num":"\u00a7\u202f652a.","heading":"Sector Risk Management Agencies","text":"\u00a7\u202f652a.\nSector Risk Management Agencies\n(a)\nDefinitions\nIn this section:\n(1)\nAppropriate congressional committees\nThe term \u201cappropriate congressional committees\u201d means\u2014\n(A) the Committee on Homeland Security and the Committee on Armed Services in the House of Representatives; and\n(B) the Committee on Homeland Security and Governmental Affairs and the Committee on Armed Services in the Senate.\n(2)\nCritical infrastructure\nThe term \u201ccritical infrastructure\u201d has the meaning given that term in\nsection 5195c(e) of title 42\n(3)\nDepartment\nThe term \u201cDepartment\u201d means the Department of Homeland Security.\n(4)\nDirector\nThe term \u201cDirector\u201d means the Director of the Cybersecurity and Infrastructure Security Agency of the Department.\n(5)\nSecretary\nThe term \u201cSecretary\u201d means the Secretary of Homeland Security.\n(7)\n11\u202fSo in original. Probably should be \u201c(6)\u201d. Sector Risk Management Agency\nThe term \u201cSector Risk Management Agency\u201d has the meaning given the term in\nsection 650 of this title\n(b)\nCritical infrastructure sector designation\n(1)\nInitial review\nNot later than 180 days after\n(A) review the current framework for securing critical infrastructure, as described in\nsection 652(c)(4) of this title\n(B) submit to the President and appropriate congressional committees a report that includes\u2014\n(i) information relating to\u2014\n(I) the analysis framework or methodology used to\u2014\n(aa) evaluate the current framework for securing critical infrastructure referred to in subparagraph (A); and\n(bb) develop recommendations to\u2014\n(AA) revise the current list of critical infrastructure sectors designated pursuant to Presidential Policy Directive 21, any successor or related document, or policy; or\n(BB) identify and designate any subsectors of such sectors;\n(II) the data, metrics, and other information used to develop the recommendations required under clause (ii); and\n(ii) recommendations relating to\u2014\n(I) revising\u2014\n(aa) the current framework for securing critical infrastructure referred to in subparagraph (A);\n(bb) the current list of critical infrastructure sectors designated pursuant to Presidential Policy Directive 21, any successor or related document, or policy; or\n(cc) the identification and designation of any subsectors of such sectors; and\n(II) any revisions to the list of designated Federal departments or agencies that serve as the Sector Risk Management Agency for a sector or subsector of such section, necessary to comply with paragraph (3)(B).\n(2)\nPeriodic evaluation by the Secretary\nAt least once every five years, the Secretary, in consultation with the Director and the heads of Sector Risk Management Agencies, shall\u2014\n(A) evaluate the current list of designated critical infrastructure sectors and subsectors of such sectors and the appropriateness of Sector Risk Management Agency designations, as set forth in Presidential Policy Directive 21, any successor or related document, or policy; and\n(B) recommend, as appropriate, to the President\u2014\n(i) revisions to the current list of designated critical infrastructure sectors or subsectors of such sectors; and\n(ii) revisions to the designation of any Federal department or agency designated as the Sector Risk Management Agency for a sector or subsector of such sector.\n(3)\nReview and revision by the President\nNot later than 180 days after the Secretary submits a recommendation pursuant to paragraph (1) or (2), the President shall\u2014\n(A) review the recommendation and revise, as appropriate, the designation of a critical infrastructure sector or subsector or the designation of a Sector Risk Management Agency; and\n(B) submit to the appropriate congressional committees, the Majority and Minority Leaders of the Senate, and the Speaker and Minority Leader of the House of Representatives, a report that includes\u2014\n(i) an explanation with respect to the basis for accepting or rejecting the recommendations of the Secretary; and\n(ii) information relating to the analysis framework, methodology, metrics, and data used to\u2014\n(I) evaluate the current framework for securing critical infrastructure referred to in paragraph (1)(A); and\n(II) develop\u2014\n(aa) recommendations to revise\u2014\n(AA) the list of critical infrastructure sectors designated pursuant to Presidential Policy Directive 21, any successor or related document, or policy; or\n(BB) the designation of any subsectors of such sectors; and\n(bb) the recommendations of the Secretary.\n(4)\nPublication\nAny designation of critical infrastructure sectors shall be published in the Federal Register.\n(c)\nSector Risk Management Agencies\n(1)\nOmitted\n(2)\nOmitted\n(3)\nReferences\nAny reference to a Sector Specific Agency (including any permutations or conjugations thereof) in any law, regulation, map, document, record, or other paper of the United States shall be deemed to\u2014\n(A) be a reference to the Sector Risk Management Agency of the relevant critical infrastructure sector; and\n(B) have the meaning given such term in\nsection 650 of this title\n(4)\nOmitted\n(d)\nReport and auditing\nNot later than two years after\nJanuary 1, 2021\nsection 665d of this title","url":"https://projectusc.org/usc/t6/s652a.html","content":[{"t":"sec","id":"/us/usc/t6/s652a","children":[{"t":"num","text":"\u00a7\u202f652a."},{"t":"heading","text":"Sector Risk Management Agencies"},{"t":"subsec","id":"/us/usc/t6/s652a/a","children":[{"t":"num","text":"(a)"},{"t":"heading","text":"Definitions"},{"t":"chapeau","text":"In this section:"},{"t":"para","id":"/us/usc/t6/s652a/a/1","children":[{"t":"num","text":"(1)"},{"t":"heading","text":"Appropriate congressional committees"},{"t":"chapeau","text":"The term \u201cappropriate congressional committees\u201d means\u2014"},{"t":"subpara","id":"/us/usc/t6/s652a/a/1/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" the Committee on Homeland Security and the Committee on Armed Services in the House of Representatives; and","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s652a/a/1/B","children":[{"t":"num","text":"(B)"},{"t":"content","text":" the Committee on Homeland Security and Governmental Affairs and the Committee on Armed Services in the Senate.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s652a/a/2","children":[{"t":"num","text":"(2)"},{"t":"heading","text":"Critical infrastructure"},{"t":"content","children":[{"t":"p","text":"The term \u201ccritical infrastructure\u201d has the meaning given that term in ","children":[{"t":"ref","text":"section 5195c(e) of title 42","href":"/us/usc/t42/s5195c/e","tail":"."}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s652a/a/3","children":[{"t":"num","text":"(3)"},{"t":"heading","text":"Department"},{"t":"content","children":[{"t":"p","text":"The term \u201cDepartment\u201d means the Department of Homeland Security.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s652a/a/4","children":[{"t":"num","text":"(4)"},{"t":"heading","text":"Director"},{"t":"content","children":[{"t":"p","text":"The term \u201cDirector\u201d means the Director of the Cybersecurity and Infrastructure Security Agency of the Department.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s652a/a/5","children":[{"t":"num","text":"(5)"},{"t":"heading","text":"Secretary"},{"t":"content","children":[{"t":"p","text":"The term \u201cSecretary\u201d means the Secretary of Homeland Security.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s652a/a/7","children":[{"t":"num","text":"(7)"},{"t":"heading","text":"11\u202fSo in original. Probably should be \u201c(6)\u201d. Sector Risk Management Agency"},{"t":"content","children":[{"t":"p","text":"The term \u201cSector Risk Management Agency\u201d has the meaning given the term in ","children":[{"t":"ref","text":"section 650 of this title","href":"/us/usc/t6/s650","tail":"."}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subsec","id":"/us/usc/t6/s652a/b","children":[{"t":"num","text":"(b)"},{"t":"heading","text":"Critical infrastructure sector designation"},{"t":"para","id":"/us/usc/t6/s652a/b/1","children":[{"t":"num","text":"(1)"},{"t":"heading","text":"Initial review"},{"t":"chapeau","text":"Not later than 180 days after ","children":[{"t":"text","text":"January 1, 2021","tail":", the Secretary, in consultation with the heads of Sector Risk Management Agencies, shall\u2014"}]},{"t":"subpara","id":"/us/usc/t6/s652a/b/1/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" review the current framework for securing critical infrastructure, as described in ","children":[{"t":"ref","text":"section 652(c)(4) of this title","href":"/us/usc/t6/s652/c/4","tail":" and Presidential Policy Directive 21; and"}],"tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s652a/b/1/B","children":[{"t":"num","text":"(B)"},{"t":"chapeau","text":" submit to the President and appropriate congressional committees a report that includes\u2014"},{"t":"clause","id":"/us/usc/t6/s652a/b/1/B/i","children":[{"t":"num","text":"(i)"},{"t":"chapeau","text":" information relating to\u2014"},{"t":"subclause","id":"/us/usc/t6/s652a/b/1/B/i/I","children":[{"t":"num","text":"(I)"},{"t":"chapeau","text":" the analysis framework or methodology used to\u2014"},{"t":"num","text":"(aa)"},{"t":"content","text":" evaluate the current framework for securing critical infrastructure referred to in subparagraph (A); and"},{"t":"text","text":"\n","tail":"\n"},{"t":"num","text":"(bb)"},{"t":"chapeau","text":" develop recommendations to\u2014"},{"t":"num","text":"(AA)"},{"t":"content","text":" revise the current list of critical infrastructure sectors designated pursuant to Presidential Policy Directive 21, any successor or related document, or policy; or"},{"t":"text","text":"\n"},{"t":"text","text":"\n"},{"t":"num","text":"(BB)"},{"t":"content","text":" identify and designate any subsectors of such sectors;"},{"t":"text","text":"\n"},{"t":"text","text":"\n","tail":"\n"}],"tail":"\n"},{"t":"subclause","id":"/us/usc/t6/s652a/b/1/B/i/II","children":[{"t":"num","text":"(II)"},{"t":"content","text":" the data, metrics, and other information used to develop the recommendations required under clause (ii); and","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t6/s652a/b/1/B/ii","children":[{"t":"num","text":"(ii)"},{"t":"chapeau","text":" recommendations relating to\u2014"},{"t":"subclause","id":"/us/usc/t6/s652a/b/1/B/ii/I","children":[{"t":"num","text":"(I)"},{"t":"chapeau","text":" revising\u2014"},{"t":"num","text":"(aa)"},{"t":"content","text":" the current framework for securing critical infrastructure referred to in subparagraph (A);"},{"t":"text","text":"\n","tail":"\n"},{"t":"num","text":"(bb)"},{"t":"content","text":" the current list of critical infrastructure sectors designated pursuant to Presidential Policy Directive 21, any successor or related document, or policy; or"},{"t":"text","text":"\n","tail":"\n"},{"t":"num","text":"(cc)"},{"t":"content","text":" the identification and designation of any subsectors of such sectors; and"},{"t":"text","text":"\n","tail":"\n"}],"tail":"\n"},{"t":"subclause","id":"/us/usc/t6/s652a/b/1/B/ii/II","children":[{"t":"num","text":"(II)"},{"t":"content","text":" any revisions to the list of designated Federal departments or agencies that serve as the Sector Risk Management Agency for a sector or subsector of such section, necessary to comply with paragraph (3)(B).","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s652a/b/2","children":[{"t":"num","text":"(2)"},{"t":"heading","text":"Periodic evaluation by the Secretary"},{"t":"chapeau","text":"At least once every five years, the Secretary, in consultation with the Director and the heads of Sector Risk Management Agencies, shall\u2014"},{"t":"subpara","id":"/us/usc/t6/s652a/b/2/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" evaluate the current list of designated critical infrastructure sectors and subsectors of such sectors and the appropriateness of Sector Risk Management Agency designations, as set forth in Presidential Policy Directive 21, any successor or related document, or policy; and","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s652a/b/2/B","children":[{"t":"num","text":"(B)"},{"t":"chapeau","text":" recommend, as appropriate, to the President\u2014"},{"t":"clause","id":"/us/usc/t6/s652a/b/2/B/i","children":[{"t":"num","text":"(i)"},{"t":"content","text":" revisions to the current list of designated critical infrastructure sectors or subsectors of such sectors; and","tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t6/s652a/b/2/B/ii","children":[{"t":"num","text":"(ii)"},{"t":"content","text":" revisions to the designation of any Federal department or agency designated as the Sector Risk Management Agency for a sector or subsector of such sector.","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s652a/b/3","children":[{"t":"num","text":"(3)"},{"t":"heading","text":"Review and revision by the President"},{"t":"chapeau","text":"Not later than 180 days after the Secretary submits a recommendation pursuant to paragraph (1) or (2), the President shall\u2014"},{"t":"subpara","id":"/us/usc/t6/s652a/b/3/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" review the recommendation and revise, as appropriate, the designation of a critical infrastructure sector or subsector or the designation of a Sector Risk Management Agency; and","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s652a/b/3/B","children":[{"t":"num","text":"(B)"},{"t":"chapeau","text":" submit to the appropriate congressional committees, the Majority and Minority Leaders of the Senate, and the Speaker and Minority Leader of the House of Representatives, a report that includes\u2014"},{"t":"clause","id":"/us/usc/t6/s652a/b/3/B/i","children":[{"t":"num","text":"(i)"},{"t":"content","text":" an explanation with respect to the basis for accepting or rejecting the recommendations of the Secretary; and","tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t6/s652a/b/3/B/ii","children":[{"t":"num","text":"(ii)"},{"t":"chapeau","text":" information relating to the analysis framework, methodology, metrics, and data used to\u2014"},{"t":"subclause","id":"/us/usc/t6/s652a/b/3/B/ii/I","children":[{"t":"num","text":"(I)"},{"t":"content","text":" evaluate the current framework for securing critical infrastructure referred to in paragraph (1)(A); and","tail":"\n"}],"tail":"\n"},{"t":"subclause","id":"/us/usc/t6/s652a/b/3/B/ii/II","children":[{"t":"num","text":"(II)"},{"t":"chapeau","text":" develop\u2014"},{"t":"num","text":"(aa)"},{"t":"chapeau","text":" recommendations to revise\u2014"},{"t":"num","text":"(AA)"},{"t":"content","text":" the list of critical infrastructure sectors designated pursuant to Presidential Policy Directive 21, any successor or related document, or policy; or"},{"t":"text","text":"\n"},{"t":"text","text":"\n"},{"t":"num","text":"(BB)"},{"t":"content","text":" the designation of any subsectors of such sectors; and"},{"t":"text","text":"\n"},{"t":"text","text":"\n","tail":"\n"},{"t":"num","text":"(bb)"},{"t":"content","text":" the recommendations of the Secretary."},{"t":"text","text":"\n","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s652a/b/4","children":[{"t":"num","text":"(4)"},{"t":"heading","text":"Publication"},{"t":"content","children":[{"t":"p","text":"Any designation of critical infrastructure sectors shall be published in the Federal Register.","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subsec","id":"/us/usc/t6/s652a/c","children":[{"t":"num","text":"(c)"},{"t":"heading","text":"Sector Risk Management Agencies"},{"t":"para","id":"/us/usc/t6/s652a/c/1","children":[{"t":"num","text":"(1)"},{"t":"heading","text":"Omitted"},{"t":"content","tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s652a/c/2","children":[{"t":"num","text":"(2)"},{"t":"heading","text":"Omitted"},{"t":"content","tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s652a/c/3","children":[{"t":"num","text":"(3)"},{"t":"heading","text":"References"},{"t":"chapeau","text":"Any reference to a Sector Specific Agency (including any permutations or conjugations thereof) in any law, regulation, map, document, record, or other paper of the United States shall be deemed to\u2014"},{"t":"subpara","id":"/us/usc/t6/s652a/c/3/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" be a reference to the Sector Risk Management Agency of the relevant critical infrastructure sector; and","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t6/s652a/c/3/B","children":[{"t":"num","text":"(B)"},{"t":"content","text":" have the meaning given such term in ","children":[{"t":"ref","text":"section 650 of this title","href":"/us/usc/t6/s650","tail":"."}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t6/s652a/c/4","children":[{"t":"num","text":"(4)"},{"t":"heading","text":"Omitted"},{"t":"content","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subsec","id":"/us/usc/t6/s652a/d","children":[{"t":"num","text":"(d)"},{"t":"heading","text":"Report and auditing"},{"t":"content","children":[{"t":"p","text":"Not later than two years after ","children":[{"t":"text","text":"January 1, 2021","tail":" and every four years thereafter for 12 years, the Comptroller General of the United States shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report on the effectiveness of Sector Risk Management Agencies in carrying out their responsibilities under "},{"t":"ref","text":"section 665d of this title","href":"/us/usc/t6/s665d","tail":"."}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"text","text":"\n"},{"t":"text","text":"\n"}]}]}