PRIA Logo
Take the PRIA Score
Title 6Domestic SecurityRelease 119-73

§665e Cybersecurity Advisory Committee

Title 6 › Chapter CHAPTER 1— - HOMELAND SECURITY ORGANIZATION › Subchapter SUBCHAPTER XVIII— - CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY › Part Part A— - Cybersecurity and Infrastructure Security › § 665e

Last updated Apr 6, 2026|Official source

Summary

Requires the Secretary to create a Cybersecurity Advisory Committee inside the Agency. The Committee must advise the Director on agency cybersecurity policies, programs, planning, and training. At the Director’s request it must make recommendations to improve the Agency’s work and U.S. cybersecurity. Subcommittee recommendations must be approved by the full Committee before they go into the Committee’s annual report. The Committee must send reports when the Director asks and when a majority of members want to. It must send an annual report about the past year’s activities, findings, and recommendations. The Director must publish a public version of that report within 180 days of getting it, following section 552(b) of title 5. The Director must reply in writing within 90 days to any Committee recommendation. If the Director agrees, the reply must include an action plan. If the Director disagrees, the reply must explain why. At least once a year after January 1, 2021, the Director must brief several House and Senate homeland security and appropriations committees and the House Energy and Commerce Committee. The Director must set rules for how the Committee and its subcommittees are run. The Director must appoint up to 35 members within 180 days after the specified 2020 law. Members serve two-year terms and may stay until successors are named. They must be subject-matter experts, geographically balanced, and include state, local, and Tribal government reps and people from many industries (for example: defense, education, finance, healthcare, manufacturing, media, chemicals, retail, transportation, energy, IT, and communications). No category may have fewer than one or more than three members. The Committee must publish its member list at least once per fiscal year and update changes. Members get no pay from the government. The Committee and each subcommittee must meet at least twice a year, and at least one meeting must be open to the public. The Committee must keep attendance records. Within 60 days of appointment and before giving classified access, the Director will decide any restrictions on a member’s access to classified information. Classified access must follow Executive Order 13526, and members must protect classified materials. The Committee chooses a chair and subcommittee chairs. The Director creates subcommittees (for example: information exchange, critical infrastructure, risk management, and public–private partnerships), and the chair appoints subcommittee members with relevant expertise.

Full Legal Text

Title 6, §665e

Domestic Security — Source: USLM XML via OLRC

(a)The Secretary shall establish within the Agency a Cybersecurity Advisory Committee (referred to in this section as the “Advisory Committee”).
(b)(1)The Advisory Committee shall advise, consult with, report to, and make recommendations to the Director, as appropriate, on the development, refinement, and implementation of policies, programs, planning, and training pertaining to the cybersecurity mission of the Agency.
(2)(A)The Advisory Committee shall develop, at the request of the Director, recommendations for improvements to advance the cybersecurity mission of the Agency and strengthen the cybersecurity of the United States.
(B)Recommendations agreed upon by subcommittees established under subsection (d) for any year shall be approved by the Advisory Committee before the Advisory Committee submits to the Director the annual report under paragraph (4) for that year.
(3)The Advisory Committee shall periodically submit to the Director—
(A)reports on matters identified by the Director; and
(B)reports on other matters identified by a majority of the members of the Advisory Committee.
(4)(A)The Advisory Committee shall submit to the Director an annual report providing information on the activities, findings, and recommendations of the Advisory Committee, including its subcommittees, for the preceding year.
(B)Not later than 180 days after the date on which the Director receives an annual report for a year under subparagraph (A), the Director shall publish a public version of the report describing the activities of the Advisory Committee and such related matters as would be informative to the public during that year, consistent with section 552(b) of title 5.
(5)Not later than 90 days after receiving any recommendation submitted by the Advisory Committee under paragraph (2), (3), or (4), the Director shall respond in writing to the Advisory Committee with feedback on the recommendation. Such a response shall include—
(A)with respect to any recommendation with which the Director concurs, an action plan to implement the recommendation; and
(B)with respect to any recommendation with which the Director does not concur, a justification for why the Director does not plan to implement the recommendation.
(6)Not less frequently than once per year after January 1, 2021, the Director shall provide to the Committee on Homeland Security and Governmental Affairs and the Committee on Appropriations of the Senate and the Committee on Homeland Security, the Committee on Energy and Commerce, and the Committee on Appropriations of the House of Representatives a briefing on feedback from the Advisory Committee.
(7)The Director shall establish rules for the structure and governance of the Advisory Committee and all subcommittees established under subsection (d).
(c)(1)(A)Not later than 180 days after the date of enactment of the Cybersecurity Advisory Committee Authorization Act of 2020,11 See References in Text note below. the Director shall appoint the members of the Advisory Committee.
(B)The membership of the Advisory Committee shall consist of not more than 35 individuals.
(C)(i)The membership of the Advisory Committee shall satisfy the following criteria:
(I)Consist of subject matter experts.
(II)Be geographically balanced.
(III)Include representatives of State, local, and Tribal governments and of a broad range of industries, which may include the following:
(aa)Defense.
(bb)Education.
(cc)Financial services and insurance.
(dd)Healthcare.
(ee)Manufacturing.
(ff)Media and entertainment.
(gg)Chemicals.
(hh)Retail.
(ii)Transportation.
(jj)Energy.
(kk)Information Technology.
(ll)Communications.
(mm)Other relevant fields identified by the Director.
(ii)Not fewer than one member nor more than three members may represent any one category under clause (i)(III).
(iii)The Advisory Committee shall publish its membership list on a publicly available website not less than once per fiscal year and shall update the membership list as changes occur.
(2)(A)The term of each member of the Advisory Committee shall be two years, except that a member may continue to serve until a successor is appointed.
(B)The Director may review the participation of a member of the Advisory Committee and remove such member any time at the discretion of the Director.
(C)A member of the Advisory Committee may be reappointed for an unlimited number of terms.
(3)The members of the Advisory Committee may not receive pay or benefits from the United States Government by reason of their service on the Advisory Committee.
(4)(A)The Director shall require the Advisory Committee to meet not less frequently than semiannually, and may convene additional meetings as necessary.
(B)At least one of the meetings referred to in subparagraph (A) shall be open to the public.
(C)The Advisory Committee shall maintain a record of the persons present at each meeting.
(5)(A)Not later than 60 days after the date on which a member is first appointed to the Advisory Committee and before the member is granted access to any classified information, the Director shall determine, for the purposes of the Advisory Committee, if the member should be restricted from reviewing, discussing, or possessing classified information.
(B)Access to classified materials shall be managed in accordance with Executive Order No. 13526 of December 29, 2009 (75 Fed. Reg. 707), or any subsequent corresponding Executive Order.
(C)A member of the Advisory Committee shall protect all classified information in accordance with the applicable requirements for the particular level of classification of such information.
(D)Nothing in this paragraph shall be construed to affect the security clearance of a member of the Advisory Committee or the authority of a Federal agency to provide a member of the Advisory Committee access to classified information.
(6)The Advisory Committee shall select, from among the members of the Advisory Committee—
(A)a member to serve as chairperson of the Advisory Committee; and
(B)a member to serve as chairperson of each subcommittee of the Advisory Committee established under subsection (d).
(d)(1)The Director shall establish subcommittees within the Advisory Committee to address cybersecurity issues, which may include the following:
(A)Information exchange.
(B)Critical infrastructure.
(C)Risk management.
(D)Public and private partnerships.
(2)Each subcommittee shall meet not less frequently than semiannually, and submit to the Advisory Committee for inclusion in the annual report required under subsection (b)(4) information, including activities, findings, and recommendations, regarding subject matter considered by the subcommittee.
(3)The chair of the Advisory Committee shall appoint members to subcommittees and shall ensure that each member appointed to a subcommittee has subject matter expertise relevant to the subject matter of the subcommittee.

Legislative History

Notes & Related Subsidiaries

Editorial Notes

References in Text

The date of enactment of the Cybersecurity Advisory Committee Authorization Act of 2020, referred to in subsec. (c)(1)(A), probably means the date of enactment of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. 116–283, which was approved Jan. 1, 2021. No act named the Cybersecurity Advisory Committee Authorization Act of 2020 has been enacted. However, a bill, S. 4024, entitled “Cybersecurity Advisory Committee Authorization Act of 2020” was introduced to Senate on June 22, 2020. Executive Order No. 13526, referred to in subsec. (c)(5)(B), is Ex. Ord. No. 13526, Dec. 29, 2009, 75 F.R. 707, set out as a note under section 3161 of Title 50, War and National Defense.

Amendments

2021—Pub. L. 117–81 reenacted section catchline.

Reference

Citations & Metadata

Citation

6 U.S.C. § 665e

Title 6Domestic Security

Last Updated

Apr 6, 2026

Release point: 119-73