Title 6 — Domestic SecurityRelease 119-73not60

§677c Cyber Response and Recovery Fund

Title 6 › Chapter 1— HOMELAND SECURITY ORGANIZATION › Subchapter XVIII— CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY › Part C— Declaration of a Significant Incident › § 677c

Last updated Apr 3, 2026|Official source

Summary

Creates a Cyber Response and Recovery Fund to pay for coordinating and supporting responses to a declared major cyber incident. The Fund can pay for coordination, technical help (six kinds: vulnerability checks, incident fixes, malware analysis, analytic support, threat hunting, and network protections), and asset-response work. It can also make grants or agreements to public or private entities to buy or upgrade hardware or software and to hire technical contract staff, and to cover certain advance actions the Secretary can take. Money for the Fund comes from Congress and from reimbursements by Federal agencies only when Congress has provided money for those reimbursements in advance. Spending must come from Fund deposits and be extra money, not a replacement for other Federal, State, local, or Tribal funding. Any recipient of Fund money must report to the Secretary how the money was used.

Full Legal Text

Title 6, §677c

Domestic Security — Source: USLM XML via OLRC

(a)There is established a Cyber Response and Recovery Fund, which shall be available for—

(1)the coordination of activities described in section 677b(b) of this title;

(2)response and recovery support for the specific significant incident associated with a declaration to Federal, State, local, and Tribal, entities and public and private entities on a reimbursable or non-reimbursable basis, including through asset response activities and technical assistance, such as—

(A)vulnerability assessments and mitigation;

(B)technical incident mitigation;

(C)malware analysis;

(D)analytic support;

(E)threat detection and hunting; and

(F)network protections;

(3)as the Director determines appropriate, grants for, or cooperative agreements with, Federal, State, local, and Tribal public and private entities to respond to, and recover from, the specific significant incident associated with a declaration, such as—

(A)hardware or software to replace, update, improve, harden, or enhance the functionality of existing hardware, software, or systems; and

(B)technical contract personnel support; and

(4)advance actions taken by the Secretary under section 677b(f)(1)(B) of this title.

(b)(1)Amounts shall be deposited into the Fund from—

(A)appropriations to the Fund for activities of the Fund; and

(B)reimbursement from Federal agencies for the activities described in paragraphs (1), (2), and (4) of subsection (a), which shall only be from amounts made available in advance in appropriations Acts for such reimbursement.

(2)Any expenditure from the Fund for the purposes of this part shall be made from amounts available in the Fund from a deposit described in paragraph (1), and amounts available in the Fund shall be in addition to any other appropriations available to the Cybersecurity and Infrastructure Security Agency for such purposes.

(c)Amounts in the Fund shall be used to supplement, not supplant, other Federal, State, local, or Tribal funding for activities in response to a declaration.

(d)The Secretary shall require an entity that receives amounts from the Fund to submit a report to the Secretary that details the specific use of the amounts.

Reference

Citations & Metadata

Citation

6 U.S.C. § 677c

Title 6 — Domestic Security

Last Updated

Apr 3, 2026

Release point: 119-73not60