Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · STATUTE-COMPILATIONS · National Defense Authorization Act for Fiscal Year 2017 · Sec. 1653

Sec. 1653. PLAN FOR INFORMATION SECURITY CONTINUOUS MONITORING CAPABILITY AND COMPLY-TO-CONNECT POLICY; LIMITATION ON SOFTWARE LICENSING

558 words·~3 min read·/statute-compilations/comps-13740/sec-1653

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

## SEC. 1653 PLAN FOR INFORMATION SECURITY CONTINUOUS MONITORING CAPABILITY AND COMPLY-TO-CONNECT POLICY; LIMITATION ON SOFTWARE LICENSING **[**[10 U.S.C. 2224 note](/us/usc/t10/s2224)**]** ###
(a)Information Security Monitoring Plan and Policy ####
(1)Plan and policy The Chief Information Officer of the Department of Defense and the Commander of the United States Cyber Command shall jointly develop— #####
(A)a plan for a modernized, Department-wide automated information security continuous monitoring capability that includes— ######
(i)a proposed information security architecture for the capability; ######
(ii)a concept of operations for the capability; and ######
(iii)requirements with respect to the functionality and interoperability of the tools, sensors, systems, processes, and other components of the continuous monitoring capability; and #####
(B)a comply-to-connect policy that requires systems to automatically comply with the configurations of the networks of the Department as a condition of connecting to such networks. ####
(2)Consultation In developing the plan and policy under paragraph (1), the Chief Information Officer and the Commander shall consult with the Principal Cyber Advisor to the Secretary of Defense. ####
(3)Implementation The Chief Information Officer and the Commander shall each issue such directives as they each consider appropriate to ensure compliance with the plan and policy developed under paragraph (1). ####
(4)Inclusion in budget materials The Secretary of Defense shall include funding and program plans relating to the plan and policy under paragraph
(1)in the budget materials submitted by the Secretary in support of the budget of the President for fiscal year 2019 (as submitted to Congress under section 1105(a) of title 31, United States Code). ####
(5)Integration with other capabilities The Chief Information Officer and the Commander shall ensure that information generated through automated and automation-assisted processes for continuous monitoring, asset management, and comply-to-connect policies and processes shall be accessible and usable in machine-readable form to appropriate cyber protection teams and computer network defense service providers. ####
(6)Software license compliance matters The plan and policy required by paragraph
(1)shall comply with the software license inventory requirements of the plan issued pursuant to section 937 of the National Defense Authorization Act for Fiscal Year 2013 (Public Law 112-239; 10 U.S.C. 2223 note) and updated pursuant to section 935 of the National Defense Authorization Act for Fiscal Year 2014 (Public Law 113-66; 10 U.S.C. 2223 note). ###
(b)Limitation on Future Software Licensing ####
(1)In general Subject to paragraph (2), none of the funds authorized to be appropriated by this Act or otherwise made available for fiscal year 2017 or any fiscal year thereafter for the Department of Defense may be obligated or expended on a contract for a software license with a cost of more than $5,000,000 in a fiscal year unless the Department is able, through automated means— #####
(A)to count the number of such licenses in use; and #####
(B)to determine the security status of each instance of use of the software licensed. ####
(2)Effective date Paragraph
(1)shall apply— #####
(A)beginning on January 1, 2018, with respect to any contract entered into by the Secretary of Defense on or after such date for the licensing of software; and #####
(B)beginning on January 1, 2020, with respect to any contract entered into by the Secretary for the licensing of software that was in effect on December 31, 2017.
Connectionstraces to 3
1 reference not yet in our index
  • Pub. L. 112-239
Citation graph
cites case law
Sec. 1653
PLAN FOR INFORMATION SECURITY CONTINUOUS MONITORING CAPABILITY AND COMPLY-TO-CONNECT POLICY; LIMITATION ON SOFTWARE LICENSING
U.S.C.§ 2224
U.S.C.§ 2223
Pub. L.Public Law 113-66
Pub. L.Pub. L. 112-239
Cites 4Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.