Sec. 861. Implementation of modular open systems architecture requirements
1,868 words·~8 min read·
/bill/116/s/4049/rs/section-861A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than one year after the date of the enactment of this Act, the Under Secretary of Defense for Acquisition and Sustainment, in coordination with the Joint All Domain Command and Control Cross Functional Team under the supervision of the Department of Defense Chief Information Officer and the Joint Staff Director for Command, Control, Communications, and Computers/Cyber, shall prescribe regulations and issue guidance to the military services, defense agencies and field activities, and combatant commands, as appropriate, in order to— facilitate the Department of Defense’s access to and utilization of system, major subsystem, and major component software-defined interfaces; fully meet the intent of chapter 144B of title 10, United States Code; and advance the Department’s efforts to generate diverse and recomposable kill chains.
The regulations and guidance required in subsection (a)(1) shall include, at a minimum— requirements that each relevant program office characterizes the desired modularity of the system for which it is responsible, either, in the case of major defense acquisition programs, in the acquisition strategy required under section 2431a of title 10, United States Code, or, in the case of other programs, via other documentation, including— specification of which system, major subsystems, and major components should be able to execute without requiring coincident execution of other systems, major subsystems, and major components; a default configuration specifying which systems, major subsystems, and major components should communicate with other systems, major subsystems, and major components; and specification of what information should be communicated, the method of the communication, and the desired function of the communication; requirements that relevant Department of Defense contracts include mandates for the delivery of system, major subsystem, and major component software-defined interfaces for systems, major subsystems, and major components deemed relevant in the acquisition strategy or documentation referred to in subsection (a)(2)(a), including— software-defined interface syntax and properties, specifically governing how values are validly passed and received between major subsystems and components, in machine-readable format; a machine-readable definition of the relationship between the delivered interface and existing common standards or interfaces available in the interface repository of subsection (c), if appropriate and available, using interface field transform technology developed under the Defense Advanced Research Projects Agency System of Systems Technology Integration Tool Chain for Heterogeneous Electronic Systems (STITCHES) program or technology that is functionally similar; and documentation with functional descriptions of software-defined interfaces, conveying semantic meaning of interface elements, such as the function of a given interface field; requirements that relevant program offices, including those responsible for maintaining and upgrading legacy systems, that have awarded contracts that do not include the requirements specified in subparagraph
(B)of paragraph
(2)nevertheless acquire the items specified in clauses
(i)through
(iii)of such subparagraph, either through contractual updates, separate negotiations or contracts, or program management mechanisms; and requirements that program offices deliver these interfaces and the associated documentation to the controlled repository established under subsection (c). The regulations and guidance required under subsection (a)(1) shall apply, at a minimum, to program offices responsible for the prototyping, acquisition, or sustainment of new or existing cyber-physical weapon systems with software-defined interfaces, or with major subsystems or components with software-defined interfaces, developed or to be developed, wholly or in part with Federal funds, including those applicable program offices using other transaction authorities (OTA). One year after the promulgation of the regulations and guidance required under subsection (a)(1) for cyber-physical systems, the Under Secretary of Defense for Acquisition and Sustainment shall extend the regulations and guidance to apply to purely software systems, including business systems and cybersecurity systems. The Secretary may make the regulations and guidance applicable, as practicable, to program offices responsible for the acquisition of systems and capabilities under part 12 of the Federal Acquisition Regulation and commercially available off the-the-shelf items. The major subsystems and components covered under paragraph (2)(A) shall include all subsystems and components covered by contract line items. Not later than one year after the date of the enactment of this Act, the Under Secretary of Defense for Acquisition and Sustainment shall prescribe regulations to define the legitimate interest of the United States and of a contractor or subcontractor in interface software. The regulations shall be included in regulations of the Department of Defense prescribed as part of the Defense Supplement to the Federal Acquisition Regulation. The regulations prescribed pursuant to paragraph
(1)may not— impair any right of the United States or of any contractor or subcontractor with respect to patents or copyrights or any other right in software otherwise established by law; or impair the right of a contractor or subcontractor to receive from a third party a fee or royalty for the use of software pertaining to an item or process developed exclusively at private expense by the contractor or subcontractor, except as otherwise specifically provided by law. Such regulations shall include the following provisions: In the case of a software interface that is developed by a contractor or subcontractor exclusively with Federal funds (other than an item developed under a contract or subcontract to which regulations under section 9(j)(2) of the Small Business Act ( 15 U.S.C. 638(j)(2) ) apply), the United States shall have the unlimited and non-expiring right to use the software or release or disclose the software to persons outside the government or permit the use of the software by such persons. In the case of a software interface that is developed in part with Federal funds and in part at private expense and except in any case in which the Secretary of Defense determines that negotiation of different rights in such software would be in the best interest of the United States, the Government— shall have Government-purpose rights to the software interface, and, in addition, may release or disclose the software interface, or authorize others to do so, if— prior to release or disclosure, the intended recipient is subject to an exclusive for-Government-use and non-disclosure agreement; the intended recipient is a Government contractor receiving access to the interface for the performance of a Government contract; and the intended use is for the purpose of system, major subsystem, and major component segregation, interoperability, integration, or reintegration; and may not use, or authorize other persons to use, interface software for commercial purposes. In the case of a software interface that is developed exclusively at private expense, the Government shall negotiate with the contractor or the subcontractor to best achieve, if practical, Government-purpose rights to the software interface and rights to release or disclose the software interface, or authorize others to do so, if— prior to release or disclosure, the intended recipient is subject to an exclusive for-Government use and non-disclosure agreement; the intended recipient is a Government contractor receiving access to the interface for the performance of a Government contract; and the intended use is for the purpose of system, major subsystem, and major component segregation, interoperability, integration and reintegration. The Under Secretary of Defense for Acquisition and Sustainment shall establish and maintain, at the appropriate classification level, an interface repository for interfaces, syntax and properties, documentation, and communication implementations delivered pursuant to the requirements established under subsection (a)(2)(B) and shall provide interfaces, access to interfaces, and relevant documentation to the military services, defense agencies and field activities, combatant commands, and contractors, as appropriate, to facilitate system, major subsystem, and major component segregation and reintegration. Consistent with section 2320 of title 10, United States Code, and in accordance with subsection (b), the Under Secretary of Defense for Acquisition and Sustainment may distribute interfaces, access to interfaces, and relevant documentation to Government entities and contractors. Any such protected transfer or disclosure by the Government to a recipient is limited to only those data necessary for segregation, interoperability, integration, or reintegration. No later than one year after the date of the enactment of this Act, the Joint Staff Director for Command, Control, Communications, and Computers/Cyber and Department of Defense Chief Information Officer, through the Joint All Domain Command and Control Cross Functional Team, shall conduct demonstrations and complete an assessment of the technologies developed under the Defense Advanced Research Projects Agency’s System of Systems Integration Technology and Experimentation program, including the STITCHES technology, and their applicability to the Joint All-Domain Command and Control architecture. The demonstrations and assessment shall include— at least three demonstrations of the use of the STITCHES technology to create, under constrained schedules and budgets, novel kill chains involving previously incompatible weapon systems, sensors, and command, control, and communication systems from multiple military services in cooperation with United States Indo-Pacific Command or United States European Command; an evaluation as to whether the communications enabled via the STITCHES technology are sufficient for military missions and whether the technology results in any substantial performance loss in communication between systems, major subsystems, and major components; an evaluation as to whether the STITCHES technology obviates the need to develop, impose, and maintain strict adherence to common communication and interface standards for Department of Defense systems; the appropriate roles and responsibilities of the Department of Defense Chief Information Officer, the Under Secretary of Defense for Acquisition and Sustainment, the geographic combatant commands, the military services, the Defense Advanced Research Projects Agency, and the defense industrial base in using and maintaining the STITCHES technology to generate diverse and recomposable kill chains as part of the Joint All-Domain Command and Control architecture; and coordination with the program manager for the Time Sensitive Targeting Defeat program under the Under Secretary of Defense for Research and Engineering and the Under Secretary of Defense for Intelligence. The Department of Defense Chief Information Officer shall assess the technologies developed under the Defense Advanced Research Projects Agency’s System of Systems Integration Technology and Experimentation program, including the STITCHES interface field transform technology, and their applicability to the Department’s business systems and cybersecurity tools. This assessment shall include— at least two demonstrations of the use of the STITCHES technology in enabling communication between business systems; in coordination with the Cross Functional Team under the Principal Cyber Adviser and the Integrated Adaptive Cyber Defense program office of the National Security Agency, at least two demonstrations of the use of the STITCHES technology in enabling communication between and orchestration of previously incompatible cybersecurity tools; and an evaluation as to how the STITCHES technology could be used in concert with or instead of existing cybersecurity standards, frameworks, and technologies designed to enable communication across cybersecurity tools. To conduct the demonstrations and assessments required under this subsection and to execute the Joint All Domain Command and Control program, the Joint All Domain Command and Control program office shall sustain the STITCHES engineering resources and capabilities developed by the Defense Advanced Research Projects Agency. One year after the date of enactment of this Act, the Secretary of Defense may transfer responsibility for maintaining the STITCHES engineering capabilities to a different organization. In this section: The term desired modularity means the desired degree to which systems, major constitutive subsystems and components within a system, and major subsystems and components across subsystems can function as modules that can communicate across component boundaries and through interfaces and can be separated and recombined to achieve various effects, missions, or capabilities. The term machine-readable format means a format that can be easily processed by a computer without human intervention.
Connectionstraces to 1
Traces to 1 document
U.S. Code
Citation graph
cites case law
Sec. 861
Implementation of modular open systems architecture requirements
Cites 1Cited by 0 across 0 sources