Sec. 1638. Plan for information security continuous monitoring capability and comply-to-connect policy
The Chief Information Officer of the Department of Defense and the Commander of the United States Cyber Command, in coordination with the Principal Cyber Adviser, shall jointly develop a plan for a modernized, enterprise-wide information security continuous monitoring (ISCM) capability and a comply-to-connect policy. The plan required by paragraph (1) shall include an architecture, a concept of operations, component functionality, and interoperability requirements for the tools, sensors, systems, and processes that comprise the information security continuous monitoring capability operating under a comply-to-connect policy.

The Chief Information Officer and the Commander shall each issue such directives for Department of Defense components as they each consider appropriate to take actions to comply with the plan and policy developed under paragraph (1).

The Chief Information Officer and the Commander shall ensure that the plan and policy required by subsection (a) is developed, and the directives required by subsection (b) are issued, before such time as is necessary for components of the Department of Defense to include necessary funding and program plans in program objective memoranda for the budget submitted by the President under section 1105(a) of title 31, United States Code, for fiscal year 2019.

The plan and policy required by subsection (a) shall enable compliance with the software license inventory requirements of the plan issued pursuant to section 937 of the National Defense Authorization Act for Fiscal Year 2013 (Public Law 112–239; 10 U.S.C. 2223 note) and updated pursuant to section 935 of the National Defense Authorization Act for Fiscal Year 2014 (Public Law 113–66; 10 U.S.C. 2223 note).

The Secretary of Defense may not obligate or expend any funds for a software license for the Department of Defense for which the Department would spend in excess of $5,000,000 annually unless the Department is able, through automated means— to count the number of such licenses in use; and to determine the security status of each instance of use of the software licensed. Paragraph (1) shall take effect— in the case of a contract for new software licensing, on January 1, 2018; and in the case of a contract relating to software licensing that was already in effect, on January 1, 2020.

The Chief Information Officer and the Commander of United States Cyber Command shall ensure that information generated through automated- and automation assisted processes for continuous monitoring, asset management, and comply-to-connect policies and processes is accessible and usable in machine-readable form by cyber protection teams and computer network defense service providers.