44 USC 3535: Annual independent evaluation
Result 1 of 1
   
 
<< Previous   TITLE 44 / CHAPTER 35 / SUBCHAPTER II / § 3535   Next >>
 
44 USC 3535: Annual independent evaluation Text contains those laws in effect on January 2, 2001
From Title 44-PUBLIC PRINTING AND DOCUMENTSCHAPTER 35-COORDINATION OF FEDERAL INFORMATION POLICYSUBCHAPTER II-INFORMATION SECURITY
Jump To: Source CreditReferences In Text

§3535. Annual independent evaluation

(a)(1) Each year each agency shall have performed an independent evaluation of the information security program and practices of that agency.

(2) Each evaluation by an agency under this section shall include-

(A) testing of the effectiveness of information security control techniques for an appropriate subset of the agency's information systems; and

(B) an assessment (made on the basis of the results of the testing) of the compliance with-

(i) the requirements of this subchapter; and

(ii) related information security policies, procedures, standards, and guidelines.


(3) The Inspector General or the independent evaluator performing an evaluation under this section may use an audit, evaluation, or report relating to programs or practices of the applicable agency.

(b)(1)(A) Subject to subparagraph (B), for agencies with Inspectors General appointed under the Inspector General Act of 1978 (5 U.S.C. App.) or any other law, the annual evaluation required under this section or, in the case of systems described under subparagraphs (A) and (B) of section 3532(b)(2), an audit of the annual evaluation required under this section, shall be performed by the Inspector General or by an independent evaluator, as determined by the Inspector General of the agency.

(B) For systems described under subparagraphs (A) and (B) of section 3532(b)(2), the evaluation required under this section shall be performed only by an entity designated by the Secretary of Defense, the Director of Central Intelligence, or another agency head as designated by the President.

(2) For any agency to which paragraph (1) does not apply, the head of the agency shall contract with an independent evaluator to perform the evaluation.

(c) Each year, not later than the anniversary of the date of the enactment of this subchapter, the applicable agency head shall submit to the Director-

(1) the results of each evaluation required under this section, other than an evaluation of a system described under subparagraph (A) or (B) of section 3532(b)(2); and

(2) the results of each audit of an evaluation required under this section of a system described under subparagraph (A) or (B) of section 3532(b)(2).


(d)(1) The Director shall submit to Congress each year a report summarizing the materials received from agencies pursuant to subsection (c) in that year.

(2) Evaluations and audits of evaluations of systems under the authority and control of the Director of Central Intelligence and evaluations and audits of evaluation of National Foreign Intelligence Programs systems under the authority and control of the Secretary of Defense shall be made available only to the appropriate oversight committees of Congress, in accordance with applicable laws.

(e) Agencies and evaluators shall take appropriate actions to ensure the protection of information, the disclosure of which may adversely affect information security. Such protections shall be commensurate with the risk and comply with all applicable laws.

(Added Pub. L. 106–398, §1 [[div. A], title X, §1061], Oct. 30, 2000, 114 Stat. 1654 , 1654A-271.)

References in Text

The Inspector General Act of 1978, referred to in subsec. (b)(1)(A), is Pub. L. 95–452, Oct. 12, 1978, 92 Stat. 1101 , as amended, which is set out in the Appendix to Title 5, Government Organization and Employees.

The date of the enactment of this subchapter, referred to in subsec. (c), is the date of enactment of Pub. L. 106–398, which was approved Oct. 30, 2000.

Section Referred to in Other Sections

This section is referred to in title 10 section 2224.