Cyberattacks against government, critical infrastructure, and other private entities have placed pressure on Congress and the Administration to act.  Additionally, the United States currently does not have a national data privacy law, and pressure is building on Congress to establish a federal standard.

Below is an overview of what federal action has been taken to date, and what is pending.

Cybersecurity

• Executive Orders
• Congress
  • NEMA-Watched Legislation
  • NEMA-Watched Amendments to Legislation
  • Enacted Legislation
  • Congressional Calendar
    • House
    • Senate

• Federal Agencies
  • NIST
    • Cybersecurity Framework
    • Risk Management Framework
    • Cybersecurity Labeling for Consumers: IoT Devices & Software
  • CISA
    • Critical Infrastructure Sector: Critical Manufacturing
    • Critical Infrastructure Sector: Energy
    • Sector Coordinating Councils
• Resources
  • Cybersecurity
    • CyberSentry (via Department of Homeland Security)
      Voluntary program to enhance the cyber resilience of organizations that own and operate critical infrastructure.
    • Baldrige Performance Excellence Program
      Presidential award program that recognizes business performance, including in cybersecurity and risk mitigation.
    • Rewards for Justice Program
      Companies and individuals that have information on state-sponsored Russian cyber operations targeting U.S. critical infrastructure (including manufacturing) are encouraged to contact the Department of State’s Rewards for Justice Program. Participants may be eligible for a reward of up to $10 million.

Data Privacy

• Congress: NEMA-Watched Legislation
• NIST: Privacy Framework