Sec. 1633. Comply to connect and cybersecurity scorecard
/bill/115/s/2987/pcs/section-1633·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
After October 1, 2019, no funds may be obligated or expended to prepare the cybersecurity scorecard for the Secretary of Defense unless the Department of Defense is implementing a funded capability to meet the requirements— established by the Chief Information Officer and the Commander of United States Cyber Command pursuant to section 1653 of the National Defense Authorization for Fiscal Year 2017 (Public Law 114–328; 10 U.S.C. 2224 note); and set forth in the Information Security Continuous Monitoring Strategy, the Comply-to-Connect Strategy, the Enterprise Patch Management Service Strategy and Concept of Operations, and the User Activity Monitoring Strategy.
Not later than January 10, 2019, the Director of Cost Assessment and Program Evaluation shall submit to the congressional defense committees a report comparing the current capabilities of the Department of Defense to— the requirements described in subsection (a); and the capabilities deployed by the Department of Homeland Security and the General Services Administration under the Continuous Diagnostics and Mitigation program across the non-Department of Defense departments and agencies of the Federal Government.
The Chief Information Officer of the Department of Defense, in coordination with the Principal Cyber Advisor, the Director of Operations of the Joint Staff, and the Commander of United States Cyber Command, shall establish risk thresholds for systems and network operations that, when exceeded, would trigger heightened security measures, such as enhanced monitoring and access policy changes.
Not later than 180 days after the date of the enactment of this Act, the Chief Information Officer and the Principal Cyber Advisor shall develop a plan to implement an enterprise governance, risk, and compliance platform and process to maintain current status of all information and operational technology assets, vulnerabilities, threats, and mitigations.