
Code · BILL · 118th Congress · S. 2226 (Engrossed in Senate) — To authorize appropriations for fiscal year 2024 for military activities of the Department of Defense for military co... · Sec. 1721

Sec. 1721. Requirements for implementation of user activity monitoring for cleared personnel and operational and information technology administrators and other privileged users


The Secretary of Defense shall require each head of a component of the Department of Defense to fully implement directives, policies, and program requirements for user activity monitoring and least privilege access controls for Federal Government and contractor personnel granted access to classified information and classified networks.

The Secretary shall require each head of a Department component to fully implement the detection, collection, and auditing of the following:

Sent and received emails, including sent attachments and emails sent outside of Federal Government domains.
Screen captures and print jobs, with focused attention on unusual volumes and times.
Accesses to World Wide Web Uniform Resource Locators and uploads and downloads involving nongovernment domains.
All instances in which a user creates, copies, moves to, or renames a file on removable media.
Secure file transfers, including on nonstandard ports.
Keystrokes.
Unauthorized research on user activity monitoring agents and techniques to disable user activity monitoring agents.
Attempts to clear event logs on devices.
Unauthorized applications being installed or run on an endpoint.
Installation and use of mounted drives, including serial numbers of such drives.
Initiation and control of an interactive session on a remote computer or virtual machine.
Instances where monitored users are denied access to a network location or resource.
Users uploading to or downloading from cloud services.
Administrative actions by privileged users, including remote and after-hour administrative actions, as well as document viewing, copy and paste activity, and file copying to new locations.

The Secretary shall require each head of a Department component to implement the following:

Automated controls to prohibit privileged user accounts from performing general user activities not requiring privileged access.
Two-person control whereby privileged users attempt to initiate data transfers from a classified domain and removable media-based data transfer activities on classified networks.

The Secretary shall require each head of a Department component to implement standard triggers, alerts, and controls developed by the Under Secretary of Defense for Intelligence and Security based on insider threat behavior models approved by the Under Secretary.

A head of a Department component that seeks to adopt a practice pursuant to paragraph (1) that deviates from standard triggers, alerts, and controls described in such paragraph by being less stringent shall submit to the Under Secretary a request for approval for such deviation along with a written justification for such deviation.

The Secretary shall require each head of a Department component, not less frequently than once every two years—
to conduct insider threat testing using threat-realistic tactics, techniques, and procedures; and
to submit to the Under Secretary and the Director of Operational Test and Evaluation a report on the findings of the head with respect to the testing conducted pursuant to paragraph (1).

The Secretary shall review and update the standard set of triggers, alerts, and controls described in subsection (d)(1) at least once every three years to account for new technology, new insider threat behaviors, and the results of testing conducted pursuant to subsection (e)(1).

Not later than 180 days after the date of the enactment of this Act, the Secretary shall submit to the Committee on Armed Services and the Select Committee on Intelligence of the Senate and the Committee on Armed Services and the Permanent Select Committee on Intelligence of the House of Representatives a report on the implementation of the requirements of this section.

In this section, the term trigger means a set of logic statements applied to a data stream that produces an alert when an anomalous incident or behavior occurs.