Title 6 — Domestic SecurityRelease 119-73not60

§677d Notification and Reporting

Title 6 › Chapter 1— HOMELAND SECURITY ORGANIZATION › Subchapter XVIII— CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY › Part C— Declaration of a Significant Incident › § 677d

Last updated Apr 3, 2026|Official source

Summary

When the Secretary declares or renews a cyber incident, they must immediately tell the National Cyber Director and certain congressional committees. The notice must say how long the declaration is expected to last, why it was made (including how the incident affects federal and nonfederal groups, who did it if known, and how many are affected), why other resources besides the Fund are not enough, and what coordination the Secretary expects the National Cyber Director to do. Within 180 days the Secretary must give those committees a report that explains the reasons and intelligence behind the declaration or renewal, any use of Fund money, actions by the Department and other governments or private groups, how Fund dollars were spent, and analyses of the incident’s effects and of the role of the declaration and Fund in the response and recovery. Notices and reports must be unclassified with markings for FOIA-exempt material and may include a classified annex. The Secretary can combine reports for related declarations, and the Paperwork Reduction Act (subchapter I of chapter 35 of title 44) does not apply to voluntary information collection during investigation, response, or immediate post-response review.

Full Legal Text

Title 6, §677d

Domestic Security — Source: USLM XML via OLRC

(a)Upon a declaration or renewal, the Secretary shall immediately notify the National Cyber Director and appropriate congressional committees and include in the notification—

(1)an estimation of the planned duration of the declaration;

(2)with respect to a notification of a declaration, the reason for the declaration, including information relating to the specific significant incident or imminent specific significant incident, including—

(A)the operational or mission impact or anticipated impact of the specific significant incident on Federal and non-Federal entities;

(B)if known, the perpetrator of the specific significant incident; and

(C)the scope of the Federal and non-Federal entities impacted or anticipated to be impacted by the specific significant incident;

(3)with respect to a notification of a renewal, the reason for the renewal;

(4)justification as to why available resources, other than the Fund, are insufficient to respond to or mitigate the specific significant incident; and

(5)a description of the coordination activities described in section 677b(b) of this title that the Secretary anticipates the Director to perform.

(b)Not later than 180 days after the date of a declaration or renewal, the Secretary shall submit to the appropriate congressional committees a report that includes—

(1)the reason for the declaration or renewal, including information and intelligence relating to the specific significant incident that led to the declaration or renewal;

(2)the use of any funds from the Fund for the purpose of responding to the incident or threat described in paragraph (1);

(3)a description of the actions, initiatives, and projects undertaken by the Department and State and local governments and public and private entities in responding to and recovering from the specific significant incident described in paragraph (1);

(4)an accounting of the specific obligations and outlays of the Fund; and

(5)an analysis of—

(A)the impact of the specific significant incident described in paragraph (1) on Federal and non-Federal entities;

(B)the impact of the declaration or renewal on the response to, and recovery from, the specific significant incident described in paragraph (1); and

(C)the impact of the funds made available from the Fund as a result of the declaration or renewal on the recovery from, and response to, the specific significant incident described in paragraph (1).

(c)Each notification made under subsection (a) and each report submitted under subsection (b)—

(1)shall be in an unclassified form with appropriate markings to indicate information that is exempt from disclosure under section 552 of title 5 (commonly known as the “Freedom of Information Act”); and

(2)may include a classified annex.

(d)The Secretary shall not be required to submit multiple reports under subsection (b) for multiple declarations or renewals if the Secretary determines that the declarations or renewals substantively relate to the same specific significant incident.

(e)The requirements of subchapter I of chapter 35 of title 44 (commonly known as the “Paperwork Reduction Act”) shall not apply to the voluntary collection of information by the Department during an investigation of, a response to, or an immediate post-response review of, the specific significant incident leading to a declaration or renewal.

Reference

Citations & Metadata

Citation

6 U.S.C. § 677d

Title 6 — Domestic Security

Last Updated

Apr 3, 2026

Release point: 119-73not60