S4956-118

1. Short title This Act may be cited as the Cleared Locations Enabling Access to Relevant Essential Devices Act of 2024 or the CLEARED Act of 2024.

2. Enhancing National Accessibility for Better Long-term Employment Act of 2024 In this section: The term covered entity means any entity that— is established under or sponsored by any branch of the United States Government; and manages a secure compartmented information facility. The term electronic medical device has the meaning given that term in Intelligence Community Directive 124. The term Governance Board means the Electronic Medical Device Governance Board described in Intelligence Community Directive 124. Beginning on the date of the enactment of this Act, the head of any covered entity shall begin developing and maintaining, for each secure compartmented information facility managed by such covered entity, a ledger to track the approval and denial of requests for electronic medical device use, which shall include— a case-by-case annotation of each approval or denial of an electronic medical device; a justification for each such approval or denial; any relevant details regarding device restrictions or accommodations; and statistics summarizing the number of electronic medical devices approved for unrestricted use and limited use and devices that were denied. Beginning not later than 1 year after the date of the enactment of this Act, the head of any covered entity shall develop and maintain, for each secure compartmented information facility managed by such covered entity, develop and maintain a list that includes the following: Each electronic medical device that is approved for unrestricted use in the facility. Each electronic medical device that is approved for limited use in the facility, including— any restrictions or accommodations required with respect to each such device; a description of whether such restrictions or accommodations vary from restrictions imposed or accommodations provided by other covered entities; and if applicable, an explanation of the variability of such restrictions or accommodations. Each electronic medical device that is denied for use in the facility and the justification for such denial. The relevant list of a covered entity developed pursuant to subparagraph (A) shall be— unclassified to the maximum extent practicable, but may include a classified annex; and provided to any applicant or employee of the covered entity who seeks a position that requires access to a secure compartmented information facility. On the date that an applicant or employee described in clause (i)(II) receives the security clearance necessary for access to the secure compartmented information facility, the head of the relevant covered entity shall make available to such applicant or employee the classified portion of the list described in clause (i). Not later than 1 year after the date of the enactment of this Act, the head of each covered entity shall provide to each employee of the covered entity who has the security clearance necessary to access a secure compartmented information facility, the list developed by the head of such covered entity with respect to such facility, which shall be unclassified to the maximum extent practicable, but may include a classified annex. Not later than 180 days after the date of the enactment of this Act, the head of each covered entity shall develop a policy for the use of electronic medical devices in secure compartmented information facilities, which shall include a list of the types of electronic medical devices that are approved for use in each such facility managed by the covered entity. The head of each covered entity shall annually review any policy developed pursuant to subparagraph (A). Not later than 180 days after the date of the enactment of this Act, and annually thereafter, the head of each covered entity shall submit to the Director of National Intelligence and the Governance Board— any ledger developed pursuant to paragraph (1); any list published pursuant to paragraph (2)(A); and any policy developed pursuant to paragraph (3)(A). The Governance Board shall review electronic medical device security and equity concerns for covered agencies. The Governance Board shall— review the policies of covered agencies regarding the use of electronic medical devices in secure compartmented information facilities; review each ledger or list submitted in accordance with subsection (b)(4); identify and resolve discrepancies in such ledgers and lists, with respect to both variation in justifications for restrictions and accommodations and denials within each covered entity and across all covered entities; facilitate and direct security research and technical risk assessments on electronic medical devices and determine threats to national security posed by such devices; for electronic medical devices that have been researched pursuant to subparagraph (D), evaluate threat mitigation measures available and the efficacy ratings of such measures; and provide recommendations for risk management of electronic medical devices in secure compartmented information facilities. Using each ledger and list submitted to the Governance Board in accordance with subsection (b)(4), the Governance Board shall develop and maintain a publicly accessible database of electronic medical devices that have been approved or denied for use at any secure compartmented information facility, including, to the extent practicable— approval rates; accommodations or restrictions for usage; and for each covered entity, specific processes for electronic medical device approval. The Governance Board shall make available on the website of the Office of the Director of National Intelligence the following: General approval and denial rates for devices described in subparagraph (A) of different types. Points of contact for teams responsible for approvals and denials of devices described in subparagraph (A). The Governance Board shall include in such database any discrepancy identified pursuant to paragraph (2), including, for each such discrepancy— a detailed description of the discrepancy; and proposed remediations. The database shall be unclassified, but may include a classified annex as the Director of National Intelligence considers appropriate. Not later than 1 year after the date of the enactment of this Act, and annually thereafter, the Governance Board shall submit to the Director of National Intelligence a report on the state of electronic medical device usage in secure compartmented information facilities. Each report submitted pursuant to subparagraph (A) shall include— a description of the research efforts, risk management recommendations, and strategic approaches of the Governance Board to support changes or innovations that improve the use of electronic medical devices in secure compartmented information facilities; a description of any barriers to resolving discrepancies under paragraph (2)(C); a summary of statistics describing approval rates gleaned from the database developed pursuant to paragraph (3); and any other information the Governance Board determines is relevant for the Director of National Intelligence to consider regarding the use of electronic medical devices in secure compartmented information facilities. Not later than 180 days after receiving a report under paragraph (4), the Director of National Intelligence shall— evaluate the findings and recommendations of the Governance Board in such report; and submit to Congress a report that includes— the results of the evaluation conducted under subparagraph (A); a description of current approval rates for electronic medical devices; a description of research efforts and risk mitigation strategies with respect to electronic medical devices; and recommendations for updating electronic medical device requirements in secure compartmented information facilities. In carrying out this section, the head of each covered entity shall ensure the protection of personally identifiable information, including medical information, in accordance with all applicable laws and policies with respect to confidentiality and privacy.