Consistent with their responsibilities and authorities under law, as of the day before August 3, 2007, the Administrator and the Director of Cybersecurity and Infrastructure Security, in consultation with the private sector, may develop guidance or recommendations and identify best practices to assist or foster action by the private sector in—
(1) identifying potential hazards and assessing risks and impacts;
(2) mitigating the impact of a wide variety of hazards, including weapons of mass destruction;
(3) managing necessary emergency preparedness and response resources;
(4) developing mutual aid agreements;
(5) developing and maintaining emergency preparedness and response plans, and associated operational procedures;
(6) developing and conducting training and exercises to support and evaluate emergency preparedness and response plans and operational procedures;
(7) developing and conducting training programs for security guards to implement emergency preparedness and response plans and operations procedures; and
(8) developing procedures to respond to requests for information from the media or the public.
Any guidance or recommendations developed or best practices identified under subsection (a) shall be—
(1) issued through the Administrator; and
(2) promoted by the Secretary to the private sector.
In developing guidance or recommendations or identifying best practices under subsection (a), the Administrator and the Director of Cybersecurity and Infrastructure Security shall take into consideration small business concerns (under the meaning given that term in section 632 of title 15), including any need for separate guidance or recommendations or best practices, as necessary and appropriate.
Nothing in this section may be construed to supersede any requirement established under any other provision of law.
(Pub. L. 107–296, title V, § 523, as added Pub. L. 110–53, title IX, § 901(a), Aug. 3, 2007, 121 Stat. 364; amended Pub. L. 115–278, § 2(g)(4)(C), Nov. 16, 2018, 132 Stat. 4178.)