
John S. McCain National Defense Authorization Act for Fiscal Year 2019, Sec. 1647

Sec. 1647. INFORMATION SECURITY CONTINUOUS MONITORING AND CYBERSECURITY SCORECARD



(a) **Limitation.** After October 1, 2019, no funds may be obligated or expended to prepare the cybersecurity scorecard for the Secretary of Defense unless the Department of Defense is implementing a funded capability to meet the requirements—

  (1) established by the Chief Information Officer and the Commander of United States Cyber Command pursuant to section 1653 of the National Defense Authorization for Fiscal Year 2017 (Public Law 114-328; 10 U.S.C. 2224 note); and

  (2) as set forth in the Department of Defense's policies on modernized, Department-wide automated information security continuous monitoring.

(b) **Report.** Not later than January 10, 2019, the Director of Cost Assessment and Program Evaluation shall submit to the congressional defense committees a report—

  (1) comparing the current capabilities of the Department of Defense to—

    (A) the requirements described in subsection (a);

    (B) the capabilities deployed by the Department of Homeland Security and the General Services Administration under the Continuous Diagnostics and Mitigation program across the non-Department of Defense departments and agencies of the Federal Government; and

  (2) that contains a review and determination of whether the current requirements and policies described in subsection (a) are adequate to address the current threat environment.

(c) **Risk Thresholds.** [[10 U.S.C. 2224 note](/us/usc/t10/s2224)] The Chief Information Officer of the Department of Defense, in coordination with the Principal Cyber Advisor, the Director of Operations of the Joint Staff, and the Commander of United States Cyber Command, shall establish risk thresholds for systems and network operations that, when exceeded, would trigger heightened security measures, such as enhanced monitoring and access policy changes.

(d) **Enterprise Governance, Risk, and Compliance Plan.** Not later than 180 days after the date of the enactment of this Act, the Chief Information Officer and the Principal Cyber Advisor shall develop a plan to implement an enterprise governance, risk, and compliance platform and process to maintain current status of all information and operational technology assets, vulnerabilities, threats, and mitigations.