The Senate just passed The National Defense Authorization Act, or NDAA, annual defense spending bill – with key cyber provisions, but noticeably lacking a cyber incident reporting measure (following partisan disagreements).
Here are a few highlights covering cyber issues:
- The NDAA authorizes CISA’s CyberSentry program for securing industrial control systems
- An amendment would require CISA to update its IRP at least every two years
- It codifies CISA’s National Cyber Exercise program
- Requires the DOD to submit a report on how its Cybersecurity Maturity Model Certification program affects small businesses