Thanks.
I think we spoke about this in the first half of the bill. It creates the obligation to notify NSICOP and NSIRA within 90 days of issuing a cybersecurity directive.
Just to refresh everyone's memory, what was of some concern was how anyone would know if a secret order was made while still maintaining national security protections. As well, I'm sure certain sectors don't necessarily want competitors to know of any gaps.
We felt this was a reasonable opportunity to provide notice to NSICOP and NSIRA. They are the masters of what they study, but this would allow for that pre-emptive acknowledgement, if an order was actually issued, to ensure that somebody knows to look for it and could look deeper into it with the protections that NSICOP and NSIRA have in dealing with sensitive information.