Risk-Informed Spending for Cybersecurity Act
This bill requires the Office of Management and Budget, in coordination with the Cybersecurity and Infrastructure Security Agency, to develop a standard model for creating a risk-based budget for cybersecurity spending.
The risk-based budget must (1) be developed by identifying and prioritizing cybersecurity risks and vulnerabilities through analysis of threat intelligence, incident data, and tactics, techniques, procedures, and capabilities of cyber threats; and (2) allocate resources based on the risks identified and prioritized.
Within two years of the development of the model, federal agencies must begin using the model to develop annual cybersecurity and information technology budget requests.