US Code
Part A— Cybersecurity and Infrastructure Security
§ 664. National asset database

(a) Establishment(1) National asset databaseThe Secretary shall establish and maintain a national database of each system or asset that—(A) the Secretary, in consultation with appropriate homeland security officials of the States, determines to be vital and the loss, interruption, incapacity, or destruction of which would have a negative or debilitating effect on the economic security, public health, or safety of the United States, any State, or any local government; or
(B) the Secretary determines is appropriate for inclusion in the database.
(2) Prioritized critical infrastructure listIn accordance with Homeland Security Presidential Directive–7, as in effect on January 1, 2007, the Secretary shall establish and maintain a single classified prioritized list of systems and assets included in the database under paragraph (1) that the Secretary determines would, if destroyed or disrupted, cause national or regional catastrophic effects.
(b) Use of databaseThe Secretary shall use the database established under subsection (a)(1) in the development and implementation of Department plans and programs as appropriate.
(c) Maintenance of database(1) In generalThe Secretary shall maintain and annually update the database established under subsection (a)(1) and the list established under subsection (a)(2), including—(A) establishing data collection guidelines and providing such guidelines to the appropriate homeland security official of each State;
(B) regularly reviewing the guidelines established under subparagraph (A), including by consulting with the appropriate homeland security officials of States, to solicit feedback about the guidelines, as appropriate;
(C) after providing the homeland security official of a State with the guidelines under subparagraph (A), allowing the official a reasonable amount of time to submit to the Secretary any data submissions recommended by the official for inclusion in the database established under subsection (a)(1);
(D) examining the contents and identifying any submissions made by such an official that are described incorrectly or that do not meet the guidelines established under subparagraph (A); and
(E) providing to the appropriate homeland security official of each relevant State a list of submissions identified under subparagraph (D) for review and possible correction before the Secretary finalizes the decision of which submissions will be included in the database established under subsection (a)(1).
(2) Organization of information in databaseThe Secretary shall organize the contents of the database established under subsection (a)(1) and the list established under subsection (a)(2) as the Secretary determines is appropriate. Any organizational structure of such contents shall include the categorization of the contents—(A) according to the sectors listed in National Infrastructure Protection Plan developed pursuant to Homeland Security Presidential Directive–7; and
(B) by the State and county of their location.
(3) Private sector integrationThe Secretary shall identify and evaluate methods, including the Department’s Protected Critical Infrastructure Information Program, to acquire relevant private sector information for the purpose of using that information to generate any database or list, including the database established under subsection (a)(1) and the list established under subsection (a)(2).
(4) Retention of classificationThe classification of information required to be provided to Congress, the Department, or any other department or agency under this section by a Sector Risk Management Agency, including the assignment of a level of classification of such information, shall be binding on Congress, the Department, and that other Federal agency.
(d) Reports(1) Report requiredNot later than 180 days after August 3, 2007, and annually thereafter, the Secretary shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives a report on the database established under subsection (a)(1) and the list established under subsection (a)(2).
(2) Contents of reportEach such report shall include the following:(A) The name, location, and sector classification of each of the systems and assets on the list established under subsection (a)(2).
(B) The name, location, and sector classification of each of the systems and assets on such list that are determined by the Secretary to be most at risk to terrorism.
(C) Any significant challenges in compiling the list of the systems and assets included on such list or in the database established under subsection (a)(1).
(D) Any significant changes from the preceding report in the systems and assets included on such list or in such database.
(E) If appropriate, the extent to which such database and such list have been used, individually or jointly, for allocating funds by the Federal Government to prevent, reduce, mitigate, or respond to acts of terrorism.
(F) The amount of coordination between the Department and the private sector, through any entity of the Department that meets with representatives of private sector industries for purposes of such coordination, for the purpose of ensuring the accuracy of such database and such list.
(G) Any other information the Secretary deems relevant.
(3) Classified informationThe report shall be submitted in unclassified form but may contain a classified annex.
(e) National Infrastructure Protection ConsortiumThe Secretary may establish a consortium to be known as the “National Infrastructure Protection Consortium”. The Consortium may advise the Secretary on the best way to identify, generate, organize, and maintain any database or list of systems and assets established by the Secretary, including the database established under subsection (a)(1) and the list established under subsection (a)(2). If the Secretary establishes the National Infrastructure Protection Consortium, the Consortium may—(1) be composed of national laboratories, Federal agencies, State and local homeland security organizations, academic institutions, or national Centers of Excellence that have demonstrated experience working with and identifying critical infrastructure and key resources; and
(2) provide input to the Secretary on any request pertaining to the contents of such database or such list.

Structure US Code

US Code

Title 6— DOMESTIC SECURITY

CHAPTER 1— HOMELAND SECURITY ORGANIZATION

SUBCHAPTER XVIII— CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY

Part A— Cybersecurity and Infrastructure Security

§ 651. Definition

§ 652. Cybersecurity and Infrastructure Security Agency

§ 652a. Sector Risk Management Agencies

§ 653. Cybersecurity Division

§ 654. Infrastructure Security Division

§ 655. Enhancement of Federal and non-Federal cybersecurity

§ 656. NET Guard

§ 657. Cyber Security Enhancement Act of 2002

§ 658. Cybersecurity recruitment and retention

§ 659. National cybersecurity and communications integration center

§ 660. Cybersecurity plans

§ 661. Cybersecurity strategy

§ 662. Clearances

§ 663. Federal intrusion detection and prevention system

§ 664. National asset database

§ 665. Duties and authorities relating to .gov internet domain

§ 665a. Intelligence and cybersecurity diversity fellowship program

§ 665b. Joint cyber planning office

§ 665c. Cybersecurity State Coordinator

§ 665d. Sector Risk Management Agencies

§ 665e. Cybersecurity Advisory Committee

§ 665f. Cybersecurity education and training programs

§ 665g. State and Local Cybersecurity Grant Program

§ 665h. National Cyber Exercise Program

§ 665i. CyberSentry program

§ 665j. Ransomware threat mitigation activities

§ 665k. Federal Clearinghouse on School Safety Evidence-based Practices

§ 665l. School and daycare protection

§ 665m. President’s Cup Cybersecurity Competition

§ 665n. Industrial Control Systems Cybersecurity Training Initiative