Among the newly mandated cybersecurity controls that federal agencies must implement are two-factor authentication and encryption for sensitive systems. DHS and the Office of Management and Budget (OMB) would be required to do a comprehensive assessment of active breaches in federal networks to hunt down and remove intruders.
The DHS intrusion detection and prevention system known as EINSTEIN would made available to other federal agencies following uncertainty whether other agency could deploy the technology. EINSTEIN would be further strengthened by the addition of advanced cyber technologies including commercial tools. Agencies would be required to implement the system within one year of this bill’s enactment. Privacy protections for the system along with transparency and accountability concerns would be addressed in annual status reports to Congress.
All of these requirements would sunset after seven years, while both DHS and OMB would be subject to ongoing reporting to Congress on the implementation of the EINSTEIN system.