Sec. 6613. Prohibition on access to Department of Defense cloud-based resources by individuals who are not citizens of the United States or allied countries
661 words·~3 min read·
/bill/119/s/2296/es/section-6613·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
An individual not described in paragraph
(2)may not maintain, administer, operate, use, receive information about, or directly access or indirectly access, irrespective of whether the individual is supervised by a citizen of the United States, any Department of Defense cloud computing system or cloud-based software, Department data, or Department-related data. An individual is described in this paragraph if the individual— has the requisite security clearance or authorization required to access the applicable system, software, or data; and is person described in paragraph
(1)or
(2)of section 504(b) of title 10, United States Code; or is a citizen of a member country of the Five Eyes intelligence-sharing alliance or of a country that is an ally or partner of the United States that has a similar agreement in effect. The Secretary of Defense shall establish regulations to carry out this subsection, including safeguards to ensure that only individuals described in paragraph
(2)maintain, administer, operate, access, and use the systems, software, and data described in paragraph (1). The Secretary shall— review all relevant guidance, directives, procedures, requirements, and regulations of the Department of Defense, including the Cloud Computing Security Requirements Guide, the Security Technical Implementation Guides, and related Department instructions; and make such revisions as may be necessary to ensure conformity and compliance with subsection (a). The Secretary shall— conduct a review of all cloud computing contracts in effect for the Department— for any violations of section 252.225–7058 of the Defense Federal Acquisition Regulation Supplement and recommended penalties; and to determine— which contracts have allowed individuals not described in paragraph
(2)to maintain, administer, operate, or directly access or indirectly access, whether supervised or unsupervised by a United States citizen, any Government cloud computing system or cloud-based software, Government data, or Government-related data; and how many of the individuals described in clause
(i)are citizens of foreign countries of concern; and submit to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives a report on the findings of the Secretary with respect to the review conducted pursuant to paragraph (1). ln this section: The term cloud computing has the meaning given such term in section 239.7601 of the Defense Federal Acquisition Regulation Supplement, or successor regulation. The term cloud-based software means a software application, platform, or computational service that is— delivered to end users via internet-based cloud computing infrastructure; hosted, operated, maintained, and controlled by a third-party service provider; and accessed remotely by users without requiring local installation or deployment of the software on user devices or Department-controlled systems. The terms Department data and Department-related data have the meanings given the terms Government data and Government-related data , respectively, in section 239.7601 of the Defense Federal Acquisition Regulation Supplement, or successor regulation, except in this section, such terms apply only to the Department of Defense. The term directly access , with respect to a system, software, or data, means— to physically access the system, software, or data; or to logically access the system, software, or data, through proxy, virtual, administrative, or programmatic means such that an individual can modify, alter, control, administer, configure, or deploy the system, software, or data. The term Five Eyes intelligence-sharing alliance includes the following: The Commonwealth of Australia. Canada. New Zealand. The United Kingdom of Great Britain and Northern Ireland. The United States of America. The term foreign country of concern has the meaning given that term in section 9901 of the William M.
(Mac)Thornberry National Defense Authorization Act for Fiscal Year 2021 ( 15 U.S.C. 4651 ). The term indirectly access , with respect to a system, software, or data, means to obtain, receive, collect, or derive information from the system, software, or data regarding technical details, operational characteristics, or security-related attributes, including— system configurations; network architecture; security controls; data schemas; performance metrics; and access logs or other information that could compromise the confidentiality, integrity, or availability of the system, software, or data.
Connectionstraces to 1
Traces to 1 document
U.S. Code
Citation graph
cites case law
Sec. 6613
Prohibition on access to Department of Defense cloud-based resources by individuals who are not citizens of the United States or allied countries
Cites 1Cited by 0 across 0 sources