PILLAR Act
USA119th CongressHR-5078| House
| Updated: 11/18/2025
Andrew Ogles
Republican Representative
Tennessee
Cosponsors (4)
Homeland Security Committee, Homeland Security and Governmental Affairs Committee, Cybersecurity and Infrastructure Protection Subcommittee
- Introduced
- In Committee
- On Floor
- Passed Chamber
- Enacted
The "Protecting Information by Local Leaders for Agency Resilience Act," or PILLAR Act, reauthorizes and significantly amends the Cybersecurity and Infrastructure Security Agency's (CISA) State and Local Cybersecurity Grant Program. This legislation extends the program's authorization through fiscal year 2035, ensuring continued federal support for state and local cybersecurity efforts. It aims to enhance the resilience of critical infrastructure against evolving cyber threats by updating the program's focus and requirements. A key change is the expansion of the program's scope to explicitly cover **operational technology systems** and **artificial intelligence systems**. The bill introduces new definitions for terms such as "artificial intelligence," "artificial intelligence system," and "foreign entity of concern," reflecting a broader focus on emerging technologies and supply chain risks. Grant activities are updated to include managing, monitoring, and enhancing the resilience of these expanded system types, including legacy systems and those no longer supported by manufacturers. The legislation revises the federal cost-share for grants, setting it at 60 percent for single entities and 70 percent for multi-entity groups through FY2035. An increased federal share of 65 percent and 75 percent respectively is offered if entities implement **multi-factor authentication** and identity and access management tools for critical infrastructure by October 1, 2027. Furthermore, the bill prohibits the use of grant funds for software or hardware from **foreign entities of concern** that do not align with CISA guidance, or for products that do not align with CISA's "Secure by Design" guidance. Other notable amendments include extending the cybersecurity planning committee's term to three years and requiring CISA to implement an outreach plan to inform rural and small local governments about no-cost cybersecurity services. The bill also streamlines the process for local governments to directly petition the Secretary for funds if states fail to distribute grants promptly. Finally, it mandates a Government Accountability Office (GAO) review every four years, specifically including an assessment of **artificial intelligence** adoption across a sample of grants.
Suggested Questions
Get AI-generated questions to help you understand this bill better
Timeline
Introduced in House
Referred to the House Committee on Homeland Security.
Referred to the Subcommittee on Cybersecurity and Infrastructure Protection.
Ordered to be Reported by the Yeas and Nays: 21 - 1.
Subcommittee on Cybersecurity and Infrastructure Protection Discharged
Committee Consideration and Mark-up Session Held
Placed on the Union Calendar, Calendar No. 328.
Reported by the Committee on Homeland Security. H. Rept. 119-377.
Mr. Garbarino moved to suspend the rules and pass the bill, as amended.
Considered under suspension of the rules. (consideration: CR H4685-4688)
DEBATE - The House proceeded with forty minutes of debate on H.R. 5078.
Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H4685-4687)
Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote.
On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H4685-4687)
Motion to reconsider laid on the table Agreed to without objection.
Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
Science, Technology, Communications
Advanced technology and technological innovationsComputers and information technologyComputer security and identity theftCongressional oversightGovernment information and archivesGovernment lending and loan guaranteesGovernment studies and investigationsInternet, web applications, social mediaState and local government operations
PILLAR Act
USA119th CongressHR-5078| House
| Updated: 11/18/2025
The "Protecting Information by Local Leaders for Agency Resilience Act," or PILLAR Act, reauthorizes and significantly amends the Cybersecurity and Infrastructure Security Agency's (CISA) State and Local Cybersecurity Grant Program. This legislation extends the program's authorization through fiscal year 2035, ensuring continued federal support for state and local cybersecurity efforts. It aims to enhance the resilience of critical infrastructure against evolving cyber threats by updating the program's focus and requirements. A key change is the expansion of the program's scope to explicitly cover **operational technology systems** and **artificial intelligence systems**. The bill introduces new definitions for terms such as "artificial intelligence," "artificial intelligence system," and "foreign entity of concern," reflecting a broader focus on emerging technologies and supply chain risks. Grant activities are updated to include managing, monitoring, and enhancing the resilience of these expanded system types, including legacy systems and those no longer supported by manufacturers. The legislation revises the federal cost-share for grants, setting it at 60 percent for single entities and 70 percent for multi-entity groups through FY2035. An increased federal share of 65 percent and 75 percent respectively is offered if entities implement **multi-factor authentication** and identity and access management tools for critical infrastructure by October 1, 2027. Furthermore, the bill prohibits the use of grant funds for software or hardware from **foreign entities of concern** that do not align with CISA guidance, or for products that do not align with CISA's "Secure by Design" guidance. Other notable amendments include extending the cybersecurity planning committee's term to three years and requiring CISA to implement an outreach plan to inform rural and small local governments about no-cost cybersecurity services. The bill also streamlines the process for local governments to directly petition the Secretary for funds if states fail to distribute grants promptly. Finally, it mandates a Government Accountability Office (GAO) review every four years, specifically including an assessment of **artificial intelligence** adoption across a sample of grants.
Suggested Questions
Get AI-generated questions to help you understand this bill better
Timeline
Introduced in House
Referred to the House Committee on Homeland Security.
Referred to the Subcommittee on Cybersecurity and Infrastructure Protection.
Ordered to be Reported by the Yeas and Nays: 21 - 1.
Subcommittee on Cybersecurity and Infrastructure Protection Discharged
Committee Consideration and Mark-up Session Held
Placed on the Union Calendar, Calendar No. 328.
Reported by the Committee on Homeland Security. H. Rept. 119-377.
Mr. Garbarino moved to suspend the rules and pass the bill, as amended.
Considered under suspension of the rules. (consideration: CR H4685-4688)
DEBATE - The House proceeded with forty minutes of debate on H.R. 5078.
Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H4685-4687)
Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote.
On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H4685-4687)
Motion to reconsider laid on the table Agreed to without objection.
Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
Andrew Ogles
Republican Representative
Tennessee
Cosponsors (4)
Homeland Security Committee, Homeland Security and Governmental Affairs Committee, Cybersecurity and Infrastructure Protection Subcommittee
Science, Technology, Communications
- Introduced
- In Committee
- On Floor
- Passed Chamber
- Enacted
Advanced technology and technological innovationsComputers and information technologyComputer security and identity theftCongressional oversightGovernment information and archivesGovernment lending and loan guaranteesGovernment studies and investigationsInternet, web applications, social mediaState and local government operations