Page:United States Statutes at Large Volume 124.djvu/2715

124 STAT. 2689 PUBLIC LAW 111–259—OCT. 7, 2010 (4) a strategic plan prepared by the Director of National Intelligence, in coordination with the Attorney General, the Secretary of Defense, and the Secretary of Homeland Security, that provides for actions for the appropriate elements of the intelligence community to close important intelligence gaps related to biological weapons; (5) a description of appropriate goals, schedules, milestones, or metrics to measure the long-term effectiveness of actions implemented to carry out the plan described in paragraph (4); and (6) any long-term resource and human capital issues related to the collection of intelligence regarding biological weapons, including any recommendations to address shortfalls of experi- enced and qualified staff possessing relevant scientific, lan- guage, and technical skills. (c) IMPLEMENTATION OF STRATEGIC PLAN.—Not later than 30 days after the date on which the Director of National Intelligence submits the report required by subsection (a), the Director shall begin implementation of the strategic plan referred to in subsection (b)(4). SEC. 336. CYBERSECURITY OVERSIGHT. (a) NOTIFICATION OF CYBERSECURITY PROGRAMS.— (1) REQUIREMENT FOR NOTIFICATION.— (A) EXISTING PROGRAMS.—Not later than 30 days after the date of the enactment of this Act, the President shall submit to Congress a notification for each cybersecurity program in operation on such date that includes the docu- mentation referred to in subparagraphs (A) through (F) of paragraph (2). (B) NEW PROGRAMS.—Not later than 30 days after the date of the commencement of operations of a new cybersecurity program, the President shall submit to Con- gress a notification of such commencement that includes the documentation referred to in subparagraphs (A) through (F) of paragraph (2). (2) DOCUMENTATION.—A notification required by paragraph (1) for a cybersecurity program shall include— (A) the legal basis for the cybersecurity program; (B) the certification, if any, made pursuant to section 2511(2)(a)(ii)(B) of title 18, United States Code, or other statutory certification of legality for the cybersecurity pro- gram; (C) the concept for the operation of the cybersecurity program that is approved by the head of the appropriate department or agency of the United States; (D) the assessment, if any, of the privacy impact of the cybersecurity program prepared by the privacy or civil liberties protection officer or comparable officer of such department or agency; (E) the plan, if any, for independent audit or review of the cybersecurity program to be carried out by the head of such department or agency, in conjunction with the appropriate inspector general; and (F) recommendations, if any, for legislation to improve the capabilities of the United States Government to protect the cybersecurity of the United States. Certification. Deadlines. President. 6 USC 121 note. Deadline.