Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 116th Congress · H.R. 6395 (Reported in House) — To authorize appropriations for fiscal year 2021 for military activities of the Department of Defense and for militar... · Sec. 223

Sec. 223. Information technology modernization and security efforts

1,839 words·~8 min read·/bill/116/hr/6395/rh/section-223

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

In this subsection— the term Assistant Secretary means the Assistant Secretary of Commerce for Communications and Information; the term covered agency — means any Federal entity that the Assistant Secretary determines is appropriate; and includes the Department of Defense; the term Federal entity has the meaning given the term in section 113(l) of the National Telecommunications and Information Administration Organization Act ( 47 U.S.C. 923(l) ); the term Federal spectrum means frequencies assigned on a primary basis to a covered agency; the term infrastructure means information technology systems and information technologies, tools, and databases; and the term NTIA means the National Telecommunications and Information Administration.
Not later than 90 days after the date of enactment of this Act, the Assistant Secretary, in consultation with the Policy and Plans Steering Group, shall identify a process to establish goals, including parameters to measure the achievement of those goals, for the modernization of the infrastructure of covered agencies relating to managing the use of Federal spectrum by those agencies, which shall include— the standardization of data inputs, modeling algorithms, modeling and simulation processes, analysis tools with respect to Federal spectrum, assumptions, and any other tool to ensure interoperability and functionality with respect to that infrastructure; other potential innovative technological capabilities with respect to that infrastructure, including cloud-based databases, artificial intelligence technologies, automation, and improved modeling and simulation capabilities; ways to improve the management of covered agencies’ use of Federal spectrum through that infrastructure, including by— increasing the efficiency of that infrastructure; addressing validation of usage with respect to that infrastructure; increasing the accuracy of that infrastructure; validating models used by that infrastructure; and monitoring and enforcing requirements that are imposed on covered agencies with respect to the use of Federal spectrum by covered agencies; ways to improve the ability of covered agencies to meet mission requirements in congested environments with respect to Federal spectrum, including as part of automated adjustments to operations based on changing conditions in those environments; the creation of a time-based automated mechanism— to share Federal spectrum between covered agencies to collaboratively and dynamically increase access to Federal spectrum by those agencies; and that could be scaled across Federal spectrum; and the collaboration between covered agencies necessary to ensure the interoperability of Federal spectrum.
Not later than 240 days after the date of enactment of this Act, the Assistant Secretary shall submit to Congress a report that contains the plan of the NTIA to modernize and automate the infrastructure of the NTIA relating to managing the use of Federal spectrum by covered agencies so as to more efficiently manage that use. The report required under subparagraph
(A)shall include— an assessment of the current, as of the date on which the report is submitted, infrastructure of the NTIA described in that paragraph; an acquisition strategy for the modernized infrastructure of the NTIA described in that paragraph, including how that modernized infrastructure will enable covered agencies to be more efficient and effective in the use of Federal spectrum; a timeline for the implementation of the modernization efforts described in that paragraph; plans detailing how the modernized infrastructure of the NTIA described in that paragraph will— enhance the security and reliability of that infrastructure so that such infrastructure satisfies the requirements of the Federal Information Security Management Act of 2002 ( Public Law 107–296 ; 116 Stat. 2135); improve data models and analysis tools to increase the efficiency of the spectrum use described in that paragraph; enhance automation and workflows, and reduce the scope and level of manual effort, in order to— administer the management of the spectrum use described in that paragraph; and improve data quality and processing time; and improve the timeliness of spectrum analyses and requests for information, including requests submitted pursuant to section 552 of title 5, United States Code; an operations and maintenance plan with respect to the modernized infrastructure of the NTIA described in that paragraph; a strategy for coordination between the covered agencies within the Policy and Plans Steering Group, which shall include— a description of— those coordination efforts, as in effect on the date on which the report is submitted; and a plan for coordination of those efforts after the date on which the report is submitted, including with respect to the efforts described in paragraph (4); a plan for standardizing— electromagnetic spectrum analysis tools; modeling and simulation processes and technologies; and databases to provide technical interference assessments that are usable across the Federal Government as part of a common spectrum management infrastructure for covered agencies; a plan for each covered agency to implement a modernization plan described in paragraph (4)(A) that is tailored to the particular timeline of the agency; identification of manually intensive processes involved in managing Federal spectrum and proposed enhancements to those processes; metrics to evaluate the success of the modernization efforts described in that paragraph and any similar future efforts; and an estimate of the cost of the modernization efforts described in that paragraph and any future maintenance with respect to the modernized infrastructure of the NTIA described in that paragraph, including the cost of any personnel and equipment relating to that maintenance. Not later than 1 year after the date of enactment of this Act, the head of each covered agency shall submit to the Assistant Secretary and the Policy and Plans Steering Group a report that describes the plan of the agency to modernize the infrastructure of the agency with respect to the use of Federal spectrum by the agency so that such modernized infrastructure of the agency is interoperable with the modernized infrastructure of the NTIA, as described in paragraph (3). Each report submitted by the head of a covered agency under subparagraph
(A)shall— include— an assessment of the current, as of the date on which the report is submitted, management capabilities of the agency with respect to the use of frequencies that are assigned to the agency, which shall include a description of any challenges faced by the agency with respect to that management; a timeline for completion of the modernization efforts described in that paragraph; and a description of potential innovative technological capabilities for the management of frequencies that are assigned to the agency, as determined under paragraph (2); identification of agency-specific requirements or constraints relating to the infrastructure of the agency; identification of any existing, as of the date on which the report is submitted, systems of the agency that are duplicative of the modernized infrastructure of the NTIA, as proposed under paragraph (3); and with respect to the report submitted by the Secretary of Defense— a strategy for the integration of systems or the flow of data among the Armed Forces, the military departments, the Defense Agencies and Department of Defense Field Activities, and other components of the Department of Defense; a plan for the implementation of solutions to the use of Federal spectrum by the Department of Defense involving information at multiple levels of classification; and a strategy for addressing, within the modernized infrastructure of the Department of Defense described in that paragraph, the exchange of information between the Department of Defense and the NTIA in order to accomplish required processing of all Department of Defense domestic spectrum coordination and management activities; and be submitted in an unclassified format, with a classified annex, as appropriate. Upon submission of the report required under subparagraph (A), the head of each covered agency shall notify Congress that the head of the covered agency has submitted the report. The Comptroller General of the United States shall— not later than 90 days after the date of enactment of this Act, conduct a review of the infrastructure of covered agencies, as that infrastructure exists on the date of enactment of this Act; after all of the reports required under paragraph
(4)have been submitted, conduct oversight of the implementation of the modernization plans submitted by the NTIA and covered agencies under paragraphs
(3)and (4), respectively; not later than 1 year after the date on which the Comptroller General begins conducting oversight under subparagraph (B), and annually thereafter, submit a report regarding that oversight to— with respect to the implementation of the modernization plan of the Department of Defense, the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives; and with respect to the implementation of the modernization plans of all covered agencies, including the Department of Defense, the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Energy and Commerce of the House of Representatives; and provide regular briefings to— with respect to the application of this section to the Department of Defense, the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives; and with respect to the application of this section to all covered agencies, including the Department of Defense, the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Energy and Commerce of the House of Representatives. The Secretary of Defense shall carry out a program to identify and mitigate vulnerabilities in the telecommunications infrastructure of the Department of Defense. In carrying out the program under paragraph (1), the Secretary shall— develop a capability to communicate clearly and authoritatively about threats by foreign adversaries; conduct independent red-team security analysis of Department of Defense systems, subsystems, devices, and components including no-knowledge testing and testing with limited or full knowledge of expected functionalities; verify the integrity of personnel who are tasked with design fabrication, integration, configuration, storage, test, and documentation of noncommercial 5G technology to be used by the Department of Defense; verify the efficacy of the physical security measures used at Department of Defense locations where system design, fabrication, integration, configuration, storage, test, and documentation of 5G technology occurs; direct the Chief Information Officer of the Department of Defense to use the Federal Risk and Authorization Management Program (commonly known as FedRAMP ) moderate or high cloud standard baselines, supplemented with the Department’s FedRAMP cloud standard controls and control enhancements, to assess 5G core service providers whose services will be used by the Department of Defense through the Department’s provisional authorization process; and direct the Defense Information Systems Agency and the United States Cyber Command to Develop a capability for continuous, independent monitoring of packet streams for 5G data on frequencies assigned to the Department of Defense to validate availability, confidentiality, and integrity of Department of Defense communications systems. Not later than 90 days after the date of the enactment of this Act, the Secretary of Defense shall submit to Congress a plan for the implementation of the program under paragraph (1). Not later than 270 days after submitting the plan under paragraph (3), the Secretary of Defense shall submit to Congress a report that includes— a comprehensive assessment of the findings and conclusions of the program under paragraph (1); recommendations on how to mitigate vulnerabilities in the Department of Defense telecommunications infrastructure; and an explanation of how the Department of Defense plans to implement such recommendations.
Connectionstraces to 1
2 references not yet in our index
  • Pub. L. 107-296
  • 116 Stat. 2135
Citation graph
cites case law
Sec. 223
Information technology modernization and security efforts
U.S.C.§ 923
Pub. L.Pub. L. 107-296
Stat.116 Stat. 2135
Cites 3Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.