From the outside, it looks as though a slew of proposed cybersecurity-centric legislation bottled up in the previous Congress is now stalled in this session as well. But dive a little deeper and it looks quite a bit different and remarkably productive, a new report from the Cyber Policy Institute suggests.Indeed, some 80 bills have been introduced or passed by the 117th Congress in the first year of its session dating back to January, 2021, dwarfing the few that made it through the Senate in the prior administration. The new measures cross a number of areas, including defense, business, foreign relations, workforce and disaster preparedness.Many carry important implications for managed security service providers (MSSPs) -- especially in terms of how MSSPs document and/or disclose cybersecurity incidents, and the potential timing requirements of such disclosures.Of note, some 77 cybersecurity articles were included in the $740 billion fiscal 2021 National Defense Authorization Act (NDAA), 27 of which were directly drawn from 25 recommendations of the Cyberspace Solarium Commission and the remainder developed by Congressional committees. Chief among those was creating the national cyber director at the White House (Chris Inglis) and strengthening the Department of Homeland Security’s cyber wing, the Cybersecurity and Infrastructure Security Agency (CISA). That bill passed over the veto of then President Trump.Last December, President Biden signed into law the 2022 NDAA that includes an amendment to require critical infrastructure owners and operators and civil federal agencies to report to CISA within 72 hours if they are hit by a cyber attack. The bill includes 14 provisions related to IT security, 13 to cyberspace, 12 to federal cybersecurity and eight to supply chain security, among others.According to figures compiled by the Institute’s newly released review, entitled Cybersecurity Bills and the 117th Congress, the following has occurred with those 80 bills:The measures cover a wide range of subjects, including:
- 5 have passed both houses of Congress and been signed into law by President Biden.
- 10 have passed one or both houses of Congress.
- 32 remain in committee.
- National security and defense.
- Protecting intellectual property.
- Protecting American business.
- Defending American critical infrastructure.
- Developing cybersecurity skills in people both inside and outside the government.
- Protecting children’s welfare.
- Protecting Americans’ privacy.




