Federal Campaign Cybersecurity Assistance Act of 2019
Date: May 21, 2019 Official Title: To amend the Federal Election Campaign Act of 1971 to allow certain expenditures for cybersecurity-related services or assistance. Short title This Act may be cited as the "Federal Campaign Cybersecurity Assistance Act of 2019".Findings Congress makes the following findings:
(1) The intelligence community has confirmed that the Russian government meddled in our elections.
(2) Candidates for Federal office from both major political parties have been targeted by sophisticated cyber-attacks.
(3) There is a compelling governmental interest in preventing foreign influence over the United States political process, and that this includes protecting the political process, the parties, and individual campaigns from cyber-attacks.
(1) In general Subsection (a)(9)(B) of section 315 of the Federal Election Campaign Act of 1971 () is amended—
(A) by inserting "(i)" after "(B)";
(B) in clause (i), as added by subparagraph (A), by adding at the end the following new sentence: "Notwithstanding the preceding sentence, such account may also be used to defray the expenses incurred for secure information communications technology or cybersecurity products or services for the national committee, a State party, or for a candidate or his or her authorized committee, regardless of whether the expense otherwise relates to the construction, purchase, renovation, operation, and furnishing of one or more headquarters buildings of the party."; and
(C) by adding at the end the following new clauses:
(ii) For purposes of this subparagraph, the term means a commercial-off-the-shelf computing device which has been configured to restrict unauthorized access and uses publicly-available baseline configurations.
(iii) For purposes of this subparagraph, the term means a product or service which helps an organization to achieve the set of standards, guidelines, best practices, methodologies, procedures, and processes to cost-effectively identify, detect, protect, respond to, and recover from cyber risks as developed by the National Institute of Standards and Technology pursuant to subsections (c)(15) and (e) of section 272 of title 15, United States Code.
(iv) An authorized committee may not sell any secure information communications technology or cybersecurity products or services received by the authorized committee that were purchased using such account funds. Nothing in the preceding sentence shall prevent an authorized committee from donating such secure information communications technology or cybersecurity products or services to a charitable organization or to a Federal, State, local, or Tribal government agency at the conclusion of the campaign. .
(2) Reporting Section 304(b) of such Act () is amended by striking "and" at the end of paragraph (7), by striking the period at the end of paragraph (8) and inserting "; and", and by adding at the end the following new paragraph: