Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 117th Congress · H.R. 4350 (Engrossed in House) — To authorize appropriations for fiscal year 2022 for military activities of the Department of Defense, for military c... · Sec. 1543

Sec. 1543. Implementation of certain cybersecurity recommendations; cyber hygiene and Cybersecurity Maturity Model Certification Framework

446 words·~2 min read·/bill/117/hr/4350/eh/section-1543·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall submit to the congressional defense committees a report regarding the plans of the Secretary to implement certain cybersecurity recommendations to ensure— the Chief Information Officer of the Department of Defense takes appropriate steps to ensure implementation of DC3I tasks; Department components develop plans with scheduled completion dates to implement any remaining CDIP tasks overseen by the Chief Information Officer; the Deputy Secretary of Defense identifies a Department component to oversee the implementation of any CDIP tasks not overseen by the Chief Information Officer and reports on progress relating to such implementation;
Department components accurately monitor and report information on the extent that users have completed Cyber Awareness Challenge training, as well as the number of users whose access to the Department network was revoked because such users have not completed such training; the Chief Information Officer ensures all Department components, including DARPA, require their users to take Cyber Awareness Challenge training; a Department component is directed to monitor the extent to which practices are implemented to protect the Department’s network from key cyberattack techniques; and the Chief Information Officer assesses the extent to which senior leaders of the Department have more complete information to make risk-based decisions, and revise the recurring reports (or develop a new report) accordingly, including information relating to the Department’s progress on implementing— cybersecurity practices identified in cyber hygiene initiatives; and cyber hygiene practices to protect Department networks from key cyberattack techniques.
Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall submit to the congressional defense committees and the Comptroller General of the United States a report on the cyber hygiene practices of the Department of Defense and the extent to which such practices are effective at protecting Department missions, information, system and networks. The report shall include the following: An assessment of each Department component’s compliance with the requirements and levels identified in the Cybersecurity Maturity Model Certification framework.
For each Department component that does not achieve the requirements for good cyber hygiene as defined in CMMC Model Version 1.02, a plan for how that component will implement security measures to bring it into compliance with good cyber hygiene requirements within one year, and a strategy for mitigating potential vulnerabilities and consequences until such requirements are implemented. Not later than 180 days after the submission of the report required under paragraph (1)), the Comptroller General of the United States shall conduct an independent review of the report and provide a briefing to the congressional defense committees on the findings of the review.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.