In developing the agencywide information security program required by section
3534
(b) of title
44, an agency that deploys a computer hardware or software system for which the Director of the National Institute of Standards and Technology has developed a checklist under subsection (c) of this section—