Attachment 9d
The following Frequently Asked Questions (FAQ) will be printed on the back of NHANES consent forms that contain the new Cybersecurity Act text or displayed via a sticker placed on the back of these forms.
Draft FAQ on Cybersecurity Act of 2015:
The Cybersecurity Act of 2015 permits monitoring information systems for the purpose of protecting a network from hacking, denial-of-service attacks and other security vulnerabilities.(1) The software used for monitoring may scan information that is transiting, stored on, or processed by the system. If the information triggers a cyber threat indicator, the information may be intercepted and reviewed for cyber threats. The Cybersecurity Act specifies that the cyber threat indicator or defensive measure taken to remove the threat may be shared with others only after any information not directly related to a cybersecurity threat has been removed, including removal of personal information of a specific individual or information that identifies a specific individual. Monitoring under the Cybersecurity Act may be done by a system owner or another entity the system owner allows to monitor its network and operate defensive measures on its behalf.
“Monitor” means “to acquire, identify, or scan, or to possess, information that is stored on, processed by, or transiting an information system”; “information system” means “a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of information”; “cyber threat indicator” means “information that is necessary to describe or identify security vulnerabilities of an information system, enable the exploitation of a security vulnerability, or unauthorized remote access or use of an information system”.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | Vicki Burt |
File Created | 2021-01-21 |