Iran Cyber Sanctions Act of 2016

This bill requires the President to report to Congress at least every 180 days regarding significant activities undermining cybersecurity conducted by Iranian persons against the United States or U.S. persons. The reports must: (1) identify Iranians involved in such activities; (2) describe their conduct; (3) assess the Iranian government's or other foreign governments' material support for such activities; and (4) provide a strategy to counter efforts by Iranian persons to conduct such activities, which shall include engaging foreign governments to halt the capabilities of such Iranian persons.

The President must include on the Office of Foreign Assets Control's specially designated nationals and blocked persons list (which identifies individuals and entities whose assets within the United States are blocked from being accessed and with whom U.S. persons are prohibited from engaging in transactions) Iranian persons who are: (1) identified in such reports; or (2) indicted by the Department of Justice in connection with such activities undermining U.S. cybersecurity, unless the President submits an explanation for excluding such a person from that list.