United States of America: Introduced Strengthening American Cybersecurity Act of 2022 (S. 3600)

The Strengthening American Cybersecurity Act of 2022 (S. 3600) is introduced in the US Senate. The Act contains three cybersecurity bills. The first bill is the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which establishes a Cyber Incident Review Office in the Cybersecurity and Infrastructure Security Agency (CISA) and requires critical infrastructure controllers and civilian federal agencies to report any significant cyberattack to the CISA within 72 hours (24 hours for ransomware attacks to critical infrastructure). The second bill is the Federal Information Security Modernisation Act of 2022, which clarifies the roles of various federal entities related to cybersecurity, introduces new supply chain transparency requirements and promotes updated security principles. Finally, the third bill is the Federal Secure Cloud Improvement and Jobs Act of 2022, which authorises the five-year Federal Risk and Authorisation Management Program to speed up the equipment of federal agencies with security-proof cloud-based technologies.