--- title: "Strengthening American Cybersecurity Act of 2022" identifier: "117-S-3600" congress: 117 bill_number: 3600 bill_type: "S" version_code: "es" version_type: "Engrossed in Senate" bill_url: "https://chamberzero.com/congresses/117/bills/s/3600" source: "https://www.congress.gov/bill/117th-congress/senate-bill/3600" other_versions: - { code: "pcs", type: "Placed on Calendar Senate", date: "2022-02-09", url: "https://chamberzero.com/congresses/117/bills/s/3600/text.md?version=pcs" } site: "Chamber Zero" site_url: "https://chamberzero.com" rendered_at: "2026-06-03T23:39:48.708Z" --- ## SEC. 1 Short title. [Read Section 1 →](/congresses/117/bills/s/3600/sections/1-section-one.md) ## SEC. 2 Table of contents. [Read Section 2 →](/congresses/117/bills/s/3600/sections/2.md) # TITLE I — Federal Information Security Modernization Act of 2022 ## SEC. 101 Short title. [Read Section 101 →](/congresses/117/bills/s/3600/sections/TI-101.md) ## SEC. 102 Definitions. [Read Section 102 →](/congresses/117/bills/s/3600/sections/TI-102.md) ## SEC. 103 Title 44 amendments. [Read Section 103 →](/congresses/117/bills/s/3600/sections/TI-103.md) ## SEC. 104 Amendments to subtitle III of title 40. [Read Section 104 →](/congresses/117/bills/s/3600/sections/TI-104.md) ## SEC. 105 Actions to enhance Federal incident transparency. [Read Section 105 →](/congresses/117/bills/s/3600/sections/TI-105.md) ## SEC. 106 Additional guidance to agencies on FISMA updates. [Read Section 106 →](/congresses/117/bills/s/3600/sections/TI-106.md) ## SEC. 107 Agency requirements to notify private sector entities impacted by incidents. [Read Section 107 →](/congresses/117/bills/s/3600/sections/TI-107.md) ## SEC. 108 Mobile security standards. [Read Section 108 →](/congresses/117/bills/s/3600/sections/TI-108.md) ## SEC. 109 Data and logging retention for incident response. [Read Section 109 →](/congresses/117/bills/s/3600/sections/TI-109.md) ## SEC. 110 CISA agency advisors. [Read Section 110 →](/congresses/117/bills/s/3600/sections/TI-110.md) ## SEC. 111 Federal penetration testing policy. [Read Section 111 →](/congresses/117/bills/s/3600/sections/TI-111.md) ## SEC. 112 Ongoing threat hunting program. [Read Section 112 →](/congresses/117/bills/s/3600/sections/TI-112.md) ## SEC. 113 Codifying vulnerability disclosure programs. [Read Section 113 →](/congresses/117/bills/s/3600/sections/TI-113.md) ## SEC. 114 Implementing zero trust architecture. [Read Section 114 →](/congresses/117/bills/s/3600/sections/TI-114.md) ## SEC. 115 Automation reports. [Read Section 115 →](/congresses/117/bills/s/3600/sections/TI-115.md) ## SEC. 116 Extension of Federal acquisition security council and software inventory. [Read Section 116 →](/congresses/117/bills/s/3600/sections/TI-116.md) ## SEC. 117 Council of the Inspectors General on Integrity and Efficiency dashboard. [Read Section 117 →](/congresses/117/bills/s/3600/sections/TI-117.md) ## SEC. 118 Quantitative cybersecurity metrics. [Read Section 118 →](/congresses/117/bills/s/3600/sections/TI-118.md) ## SEC. 119 Establishment of risk-based budget model. [Read Section 119 →](/congresses/117/bills/s/3600/sections/TI-119.md) ## SEC. 120 Active cyber defensive study. [Read Section 120 →](/congresses/117/bills/s/3600/sections/TI-120.md) ## SEC. 121 Security operations center as a service pilot. [Read Section 121 →](/congresses/117/bills/s/3600/sections/TI-121.md) ## SEC. 122 Extension of Chief Data Officer Council. [Read Section 122 →](/congresses/117/bills/s/3600/sections/TI-122.md) ## SEC. 123 Federal cybersecurity requirements. [Read Section 123 →](/congresses/117/bills/s/3600/sections/TI-123.md) # TITLE II — Cyber Incident Reporting for Critical Infrastructure Act of 2022 ## SEC. 201 Short title. [Read Section 201 →](/congresses/117/bills/s/3600/sections/TII-201.md) ## SEC. 202 Definitions. [Read Section 202 →](/congresses/117/bills/s/3600/sections/TII-202.md) ## SEC. 203 Cyber incident reporting. [Read Section 203 →](/congresses/117/bills/s/3600/sections/TII-203.md) ## SEC. 204 Federal sharing of incident reports. [Read Section 204 →](/congresses/117/bills/s/3600/sections/TII-204.md) ## SEC. 205 Ransomware vulnerability warning pilot program. [Read Section 205 →](/congresses/117/bills/s/3600/sections/TII-205.md) ## SEC. 206 Ransomware threat mitigation activities. [Read Section 206 →](/congresses/117/bills/s/3600/sections/TII-206.md) ## SEC. 207 Congressional reporting. [Read Section 207 →](/congresses/117/bills/s/3600/sections/TII-207.md) # TITLE III — Federal Secure Cloud Improvement and Jobs Act of 2022 ## SEC. 301 Short title. [Read Section 301 →](/congresses/117/bills/s/3600/sections/TIII-301.md) ## SEC. 302 Findings. [Read Section 302 →](/congresses/117/bills/s/3600/sections/TIII-302.md) ## SEC. 303 Title 44 amendments. [Read Section 303 →](/congresses/117/bills/s/3600/sections/TIII-303.md)