(i) Within 30 days of completion of the initial review described in subsection (d) of this section, the Secretary of Homeland Security shall provide to the President through the APNSA the recommendations of the Board based on the initial review. These recommendations shall describe:
- (i) identified gaps in, and options for, the Board’s composition or authorities;
- (ii) the Board’s proposed mission, scope, and responsibilities;
- (iii) membership eligibility criteria for private-sector representatives;
- (iv) Board governance structure including interaction with the executive branch and the Executive Office of the President;
- (v) thresholds and criteria for the types of cyber incidents to be evaluated;
- (vi) sources of information that should be made available to the Board, consistent with applicable law and policy;
- (vii) an approach for protecting the information provided to the Board and securing the cooperation of affected United States individuals and entities for the purpose of the Board’s review of incidents; and
- (viii) administrative and budgetary considerations required for operation of the Board.
(j) The Secretary of Homeland Security, in consultation with the Attorney General and the APNSA, shall review the recommendations provided to the President through the APNSA pursuant to subsection (i) of this section and take steps to implement them as appropriate.
(k) Unless otherwise directed by the President, the Secretary of Homeland Security shall extend the life of the Board every 2 years as the Secretary of Homeland Security deems appropriate, pursuant to section 871 of the Homeland Security Act of 2002.
Sec. 6. Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents. (a) The cybersecurity vulnerability and incident response procedures currently used to identify, remediate, and recover from vulnerabilities and incidents affecting their systems vary across agencies, hindering the ability of lead agencies to analyze vulnerabilities and incidents more comprehensively across agencies. Standardized response processes ensure a more coordinated and centralized cataloging of incidents and tracking of agencies’ progress toward successful responses.
(b) Within 120 days of the date of this order, the Secretary of Homeland Security acting through the Director of CISA, in consultation with the Director of OMB, the Federal Chief Information Officers Council, and the Federal Chief Information Security Council, and in coordination with the Secretary of Defense acting through the Director of the NSA, the Attorney General, and the Director of National Intelligence, shall develop a standard set of operational procedures (playbook) to be used in planning and conducting a cybersecurity vulnerability and incident response activity respecting FCEB Information Systems. The playbook shall:
- (i) incorporate all appropriate NIST standards;
- (ii) be used by FCEB Agencies; and
- (iii) articulate progress and completion through all phases of an incident response, while allowing flexibility so it may be used in support of various response activities.
(c) The Director of OMB shall issue guidance on agency use of the playbook.
(d) Agencies with cybersecurity vulnerability or incident response procedures that deviate from the playbook may use such procedures only after consulting with the Director of OMB and the APNSA and demonstrating that these procedures meet or exceed the standards proposed in the playbook.
