How People Voted

5% For, 95% Against

H.R. 5983, The Homeland Security Network Defense and Accountability Act of 2008

  • This item is from the 110th Congress (2007-2008) and is no longer current. Comments, voting, and wiki editing have been disabled, and the cost/savings estimate has been frozen.

Comparing revision saved on May 8, 2008, 19:30:18 (webmaster), with revision saved on November 19, 2008, 19:34:58 (webmaster):

H.R. 5983 would amend the Homeland Security Act of 2002 to enhance the information security of the Department of Homeland Security.

== Detailed Summary ==

<summary>
Homeland Security Network Defense and Accountability Act of 2008 - Amends the Homeland Security Act of 2002 to direct the Secretary of the Department of Homeland Security (DHS) to delegate to the Department's Chief Information Officer (CIO) authority for the development, approval, implementation, integration, and oversight of DHS policies, procedures, activities, funding, and systems relating to information management and information infrastructure.

Lists CIO qualifications (including at least five years of executive leadership and management experience in information technology and information security) and functions (including establishing an incident response team).

(Sec. 3) Directs the CIO to establish, oversee the deployment of, and regularly update security control testing protocols that ensure that DHS's information infrastructure is effectively protected against known attacks and exploitations of federal and contractor information infrastructure.

(Sec. 4) Requires the Inspector General to conduct performance and programmatic reviews of DHS's information infrastructure to determine the effectiveness of its security policies and controls. Requires programmatic reviews to: (1) determine whether a DHS component is complying with policies, processes, and procedures established by the CIO; and (2) focus on risk assessment, management, and mitigation, with primary regard to the implementation of best practices such as authentication, access control (including remote access), intrusion detection and prevention, and data protection and integrity. Directs the Inspector General to submit a security report on each review that includes prioritized recommendations for improving security controls, including recommendations regarding funding changes and personnel management, to the Secretary, CIO, and head of the DHS component. Requires: (1) the DHS component head and the CIO to jointly submit a corrective action report to the Secretary and the Inspector General; and (2) the Inspector General to submit an annual report to the House and Senate homeland security committees.

(Sec. 5) Defines "information infrastructure" under such Act as systems and assets used in processing, transmitting, receiving, or storing information electronically.

(Sec. 6) Requires the Secretary, before entering into or renewing a covered contract and acting through the CIO, to determine that the contractor has an internal information systems security policy that complies with DHS information security requirements. Sets forth contract requirements regarding security and subcontracting, including requiring the contractor to: (1) provide contracted services on a continuing basis to DHS in the event of an unplanned or disruptive event; (2) deliver timely notice of any internal computer incident that could violate or threaten computer security policies, acceptable use policies, or standard security practices at DHS to the U.S. Computer Emergency Readiness Team and the incident response team; and (3) develop and implement a plan for the award of subcontracts to small business and disadvantaged business concerns.

Directs the Secretary to report to the House Homeland Security Committee and the Senate Homeland Security and Governmental Affairs Committee on: (1) progress in implementing requirements issued by the Office of Management and Budget (OMB) for encryption, authentication, Internet Protocol version 6, and Trusted Internet Connections; (2) a plan to investigate breaches against DHS's information infrastructure for purposes of counterintelligence assessment, attribution, and response; (3) a proposal to increase threat information sharing with contractors and provide specialized damage assessment training to private sector information security professionals; and (4) a process to coordinate DHS's information infrastructure protection activities.

(Sec. 7) Provides that nothing in this Act shall affect the application of the Federal Information Management Security Act of 2002 to DHS.

</summary>

<!--Leave in the 'summary' tags if you want the latest summary from the Congressional Research Service automatically to replace the text between the tags once it becomes available. -->

== Status of the Legislation ==

<status>
Latest Major Action: 7/31/2008: Referred to Senate committee. Status: Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
</status>

<!-- Leave in the 'status' tags if you want the latest reported status from THOMAS automatically to replace the text between the tags once it becomes available. -->

== Points in Favor ==

(Log in to edit the wiki and be the first to show why the bill should pass!)
<!-- First editor: Go ahead and take out the sentence in parentheses, and this notice! -->

== Points Against ==

(Log in to edit the wiki and be the first to show why the bill should not pass!)
<!-- First editor: Go ahead and take out the sentence in parentheses, and this notice! -->


Visitor Comments

Glenn Charles

May 11, 2008, 10:18am

I must be ignorant. How precisely do you make other people not attack you too much so your security works?
--oregonnerd

Ralph Cohen

May 11, 2008, 11:32am

Seems like a reasonable bill to me. It defines the minimum professional requirements for the position of Chief Information Officer and also sets evaluation standards for the review of work performed by subcontractors before their contracts can be considered for renewal.
