S. Rept. 116-242: Cybersecurity Vulnerability Identification and Notification Act, Report to Accompany S. 3045, Including Cost Estimate of the Congressional Budget Office, July 29, 2020 [open pdf - 479KB]
From the Purpose and Summary: "The purpose of S. 3045, the Cybersecurity Vulnerability Notification Act of 2020, is to authorize the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) to issue administrative subpoenas for the purpose of warning U.S. critical infrastructure owners and operators about CISA identified potential cybersecurity vulnerabilities. Specifically, the bill authorizes CISA to detect, identify, and receive information about security vulnerabilities related to critical infrastructure for a cybersecurity purpose. The Director of CISA is then authorized to issue an administrative subpoena for the production of information necessary to identify and notify the entity with the specific cybersecurity vulnerability. Additionally, the bill requires that the Director of CISA coordinate the issuance of a subpoena with the Department of Justice (DOJ), notify any entity identified by the subpoena within seven days, and that the subpoena be authenticated with a digital signature. The bill also requires the Director of CISA to develop procedures to protect nonpublic information from dissemination, absent certain national security or law enforcement interests in resolving a cybersecurity incident related to the vulnerability that gave rise to the subpoena. The bill includes privacy and transparency protections such as provisions for the retention and destruction of information by CISA, the publication of information about the subpoena process, and an annual report to Congress."
S. Rept. 116-242; Senate Report 116-242
U. S. Government Publishing Office: http://www.gpo.gov/