A bill to require the Director of the Office of Management and Budget to develop a model for risk-based budgeting, and for other purposes.
Risk-Informed Spending for Cybersecurity Act
This bill requires the Office of Management and Budget, in coordination with the Cybersecurity and Infrastructure Security Agency, to develop a standard model for creating a risk-based budget for cybersecurity spending.
The risk-based budget must (1) be developed by identifying and prioritizing cybersecurity risks and vulnerabilities through analysis of threat intelligence, incident data, and tactics, techniques, procedures, and capabilities of cyber threats; and (2) allocate resources based on the risks identified and prioritized.
Within two years of the development of the model, federal agencies must begin using the model to develop annual cybersecurity and information technology budget requests.
Introduced in Senate
Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
checking server…
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line