7: Regulatory Requirements
Determine if cybersecurity regulatory requirements are sufficient. Other Information:
Sec. 10. Adoption of Framework. (a) Agencies with responsibility for regulating the security of critical infrastructure shall
engage in a consultative process with DHS, OMB, and the National Security Staff to review the preliminary Cybersecurity Framework
and determine if current cybersecurity regulatory requirements are sufficient given current and projected risks. In making
such determination, these agencies shall consider the identification of critical infrastructure required under section 9 of
this order. Within 90 days of the publication of the preliminary Framework, these agencies shall submit a report to the President,
through the Assistant to the President for Homeland Security and Counterterrorism, the Director of OMB, and the Assistant
to the President for Economic Affairs, that states whether or not the agency has clear authority to establish requirements
based upon the Cybersecurity Framework to sufficiently address current and projected cyber risks to critical infrastructure,
the existing authorities identified, and any additional authority required.
Objective(s):
|
