Sponsors
The bill strengthens FEMA/CISA's ability to issue timely cybersecurity guidance and increases congressional oversight to protect FEMA operations, but it shifts compliance costs and administrative burdens onto private firms, state/local governments, and agency staff.
Utilities, energy companies, state governments, and other private-sector organizations will receive FEMA/CISA guidance to mitigate cyber risks that could disrupt FEMA operations, improving operational continuity and reducing the chance of service interruptions during emergencies.
Federal, state, and local stakeholders can get cybersecurity guidance immediately (not delayed by a prior time limitation), enabling FEMA and CISA to provide timely recommendations when threats emerge.
Taxpayers and Congress will gain more transparency because FEMA and CISA must report progress to relevant House and Senate committees within one year, improving oversight of mitigation efforts.
Utilities, energy companies, nonprofits, and other private firms may incur new compliance costs or need to dedicate resources to follow FEMA/CISA guidance, raising business expenses.
State and local governments may face operational and budgetary strain to align with broader federal cybersecurity guidance, creating additional costs for already-tight local budgets.
FEMA and CISA staff will need to produce the required progress report and related administrative work, which could divert limited agency resources away from other operational activities.
Based on analysis of 2 sections of legislative text.
Requires FEMA and CISA to develop private-sector cybersecurity guidance to mitigate risks that could impede federal agency operations and report progress to Congress within one year.
Introduced July 21, 2025 by Bennie Thompson · Last progress July 21, 2025
Requires FEMA and CISA to work together to produce guidance for the private sector on mitigating cybersecurity risks that could interfere with federal agency operations, and to report to specified congressional committees on progress within one year. Also removes an outdated temporal phrase in the existing statutory provision to broaden the subsection’s guidance authorities.