Sec. 933. IMPROVEMENTS IN ASSURANCE OF COMPUTER SOFTWARE PROCURED BY THE DEPARTMENT OF DEFENSE
## SEC. 933 IMPROVEMENTS IN ASSURANCE OF COMPUTER SOFTWARE PROCURED BY THE DEPARTMENT OF DEFENSE **[**[10 U.S.C. 2224 note](/us/usc/t10/s2224)**]**

### (a) Baseline Software Assurance Policy

The Under Secretary of Defense for Acquisition, Technology, and Logistics, in coordination with the Chief Information Officer of the Department of Defense, shall develop and implement a baseline software assurance policy for the entire lifecycle of covered systems. Such policy shall be included as part of the strategy for trusted defense systems of the Department of Defense.

### (b) Policy Elements

The baseline software assurance policy under subsection (a) shall—

(1) require use of appropriate automated vulnerability analysis tools in computer software code during the entire lifecycle of a covered system, including during development, operational testing, operations and sustainment phases, and retirement;

(2) require covered systems to identify and prioritize security vulnerabilities and, based on risk, determine appropriate remediation strategies for such security vulnerabilities;

(3) ensure such remediation strategies are translated into contract requirements and evaluated during source selection;

(4) promote best practices and standards to achieve software security, assurance, and quality; and

(5) support competition and allow flexibility and compatibility with current or emerging software methodologies.

### (c) Verification of Effective Implementation

The Under Secretary of Defense for Acquisition, Technology, and Logistics, in coordination with the Chief Information Officer of the Department of Defense, shall—

(1) collect data on implementation of the policy developed under subsection (a) and measure the effectiveness of such policy, including the particular elements required under subsection (b); and

(2) identify and promote best practices, tools, and standards for developing and validating assured software for the Department of Defense.

### (d) Briefing on Additional Means of Improving Software Assurance

Not later than one year after the date of the enactment of this Act, the Under Secretary for Acquisition, Technology, and Logistics shall, in coordination with the Chief Information Officer of the Department of Defense, provide to the congressional defense committees a briefing on the following:

(1) A research and development strategy to advance capabilities in software assurance and vulnerability detection.

(2) The state-of-the-art of software assurance analysis and test.

(3) How the Department might hold contractors liable for software defects or vulnerabilities.

### (e) Definitions

In this section:

(1) Covered system. The term “covered system” means any Department of Defense critical information, business, or weapons system that is—

(A) a major system, as that term is defined in section 2302(5) of title 10, United States Code;

(B) a national security system, as that term is defined in section 3542(b)(2) of title 44, United States Code; or

(C) a Department of Defense information system categorized as Mission Assurance Category I in Department of Defense Directive 8500.01E that is funded by the Department of Defense.

(2) Software assurance. The term “software assurance” means the level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software, throughout the life cycle.

**[**Section 934 was repealed by section 812(b)(1) of division A of Public Law 115–232.**]**