Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 116th Congress · S. 1790 (Engrossed in Senate) — To authorize appropriations for fiscal year 2020 for military activities of the Department of Defense, for military c... · Sec. 1632

Sec. 1632. Zero-based review of Department of Defense cyber and information technology personnel

888 words·~4 min read·/bill/116/s/1790/es/section-1632·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Not later than January 1, 2021, each head of a covered department, component, or agency shall— complete a zero-based review of the cyber and information technology personnel of the head's covered department, component, or agency; and provide the Principal Cyber Advisor, the Chief Information Officer of the Department of Defense, and the Under Secretary of Defense for Personnel and Readiness the findings of the head with respect to the head's covered department, component, or agency.
For purposes of this section, a covered department, component, or agency is— an independent Department of Defense component or agency; the Office of the Secretary of Defense; a component of the Joint Staff; a military department or an armed force; or a reserve component of the Armed Forces. As part of a review conducted pursuant to subsection (a)(1), the head of a covered department, component, or agency shall, with respect to the covered department, component, or agency of the head— assess military, civilian, and contractor positions and personnel performing cyber and information technology missions; determine the roles and functions assigned by reviewing existing position descriptions and conducting interviews to quantify the current workload performed by military, civilian, and contractor workforce; compare the Department’s manning with the manning of comparable industry organizations; include evaluation of the utility of cyber- and information technology-focused missions, positions, and personnel within such components— to assess the effectiveness and efficiency of current activities; to assess the necessity of increasing, reducing, or eliminating resources; and to guide prioritization of investment and funding; develop recommendations and objectives for organizational, manning, and equipping change, taking into account anticipated developments in information technologies, workload projections, automation and process enhancements, and Department requirements; develop a gap analysis, contrasting the current organization and the objectives developed pursuant to paragraph (5); and develop roadmaps of prioritized activities and a timeline for implementing the activities to close the gaps identified pursuant to paragraph (6).
In carrying out a review pursuant to subsection (a)(1), the head of a covered department, component, or agency shall consider the following: Whether position descriptions and coding designators for given cybersecurity and information technology roles are accurate indicators of the work being performed. Whether the function of any cybersecurity or information technology position or personnel can be replaced by acquisition of cybersecurity or information technology products or automation.
Whether a given component or subcomponent is over- or under-resourced in terms of personnel, using industry standards as a benchmark where applicable. Whether cybersecurity service provider positions and personnel fit coherently into the enterprise-wide cybersecurity architecture and with the Department’s cyber protection teams. Whether the function of any cybersecurity or information technology position or personnel could be conducted more efficiently or effectively by enterprise-level cyber or information technology personnel.
In carrying out subsection (a)(2), each head of a covered department, component, or agency, shall furnish to the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary a description of the analysis that led to the findings submitted under such subsection and the data used in such analysis. The Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary of Defense shall jointly review each submittal under subsection (a)(2) and certify whether the findings and analysis are in compliance with the requirements of this section.
After receiving findings submitted by a head of a covered department, component, or agency pursuant to paragraph
(2)of subsection
(a)with respect to a review conducted by the head pursuant to paragraph
(1)of such subsection, the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary shall jointly provide to such head such recommendations as the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary may have for changes in manning or acquisition that proceed from such review. The Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary shall jointly oversee and assist in the implementation of the roadmaps developed pursuant to subsection (c)(7) and the recommendations developed pursuant to subsection (f). Not later than six months after the date of the enactment of this Act and not less frequently than once every six months thereafter until the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary give the briefing required by subsection (i), the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary shall jointly— conduct in-progress reviews of the status of the reviews required by subsection (a)(1); and provide the congressional defense committees with a briefing on such in-progress reviews. After all of the reviews have been completed under paragraph
(1)of subsection (a), after receiving all of the findings pursuant to paragraph
(2)of such subsection, and not later than June 1, 2021, the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary shall jointly provide to the congressional defense committees a briefing on the findings of the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary with respect to such reviews, including such recommendations as the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary may have for changes to the budget of the Department as a result of such reviews. In this section, the term zero-based review means a review in which assessment is conducted with each item, position, or person costed anew, rather than in relation to its size or status in any previous budget.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.