The term “agency information” has the meaning given the term in section 2213 of the Homeland Security Act of 2002 [6 U.S.C. 663].
The terms “cyber threat indicator” and “defensive measure” have the meanings given those terms in section 650 of this title.
The term “intrusion assessments” means actions taken under the intrusion assessment plan to identify and remove intruders in agency information systems.
The term “intrusion assessment plan” means the plan required under section 2210(b)(1) of the Homeland Security Act of 2002 [6 U.S.C. 660(b)(1)].
The term “intrusion detection and prevention capabilities” means the capabilities required under section 2213(b) of the Homeland Security Act of 2002 [6 U.S.C. 663(b)].
Not later than 3 years after December 18, 2015, the Comptroller General of the United States shall conduct a study and publish a report on the effectiveness of the approach and strategy of the Federal Government to securing agency information systems, including the intrusion detection and prevention capabilities and the intrusion assessment plan.
Each report required under this section shall be submitted in unclassified form, but may include a classified annex.