Sec. 937. Joint Federated Centers for Trusted Defense Systems for the Department of Defense
424 words·~2 min read·
/bill/113/hr/3304/eah/section-937A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The Secretary of Defense shall provide for the establishment of a joint federation of capabilities to support the trusted defense system needs of the Department of Defense (in this section referred to as the federation ). The purpose of the federation shall be to serve as a joint, Department-wide federation of capabilities to support the trusted defense system needs of the Department to ensure security in the software and hardware developed, acquired, maintained, and used by the Department, pursuant to the trusted defense systems strategy of the Department and supporting policies related to software assurance and supply chain risk management.
In providing for the establishment of the federation, the Secretary shall consider whether the purpose of the federation can be met by existing centers in the Department. If the Department determines that there are capabilities gaps that cannot be satisfied by existing centers, the Department shall devise a strategy for creating and providing resources for such capabilities to fill such gaps. Not later than 180 days after the date of the enactment of this Act, the Secretary shall issue a charter for the federation.
The charter shall— be established pursuant to the trusted defense systems strategy of the Department and supporting policies related to software assurance and supply chain risk management; and set forth— the role of the federation in supporting program offices in implementing the trusted defense systems strategy of the Department; the software and hardware assurance expertise and capabilities of the federation, including policies, standards, requirements, best practices, contracting, training, and testing; the requirements for the discharge by the federation, in coordination with the Center for Assured Software of the National Security Agency, of a program of research and development to improve automated software code vulnerability analysis and testing tools; the requirements for the federation to procure, manage, and distribute enterprise licenses for automated software vulnerability analysis tools; and the requirements for the discharge by the federation, in coordination with the Defense Microelectronics Activity, of a program of research and development to improve hardware vulnerability, testing, and protection tools.
The Secretary shall submit to the congressional defense committees, at the time of the submittal to Congress of the budget of the President for fiscal year 2016 pursuant to section 1105 of title 31, United States Code, a report on the funding and management of the federation. The report shall set forth such recommendations as the Secretary considers appropriate regarding the optimal placement of the federation within the organizational structure of the Department, including responsibility for the funding and management of the federation.