
John S. McCain National Defense Authorization Act for Fiscal Year 2019, Sec. 1657


## SEC. 1657. REPORT ON ENHANCEMENT OF SOFTWARE SECURITY FOR CRITICAL SYSTEMS

### (a) Report Required

Not later than March 1, 2019, the Principal Cyber Adviser to the Secretary of Defense, the Under Secretary of Defense for Research and Engineering, and the Chief Information Officer of the Department of Defense shall jointly submit to the congressional defense committees a report on a study, based on the authorities specified in subsection (b), on the costs, benefits, technical merits, and other merits of applying the technologies described in subsection (c) to the vulnerability assessment and remediation of the following systems:

(1) Nuclear systems and nuclear command and control.

(2) A critical subset of conventional power projection capabilities.

(3) Cyber command and control.

(4) Other defense critical infrastructure.

### (b) Basis for Conduct of Study

The study required for purposes of subsection (a) shall be conducted pursuant to the following:

(1) Section 1640 of the National Defense Authorization Act for Fiscal Year 2018 (Public Law 115-91).

(2) Section 1650 of the National Defense Authorization Act for Fiscal Year 2017 (10 U.S.C. 2224 note).

(3) Section 1647 of the National Defense Authorization Act for Fiscal Year 2016 (Public Law 114-92; 129 Stat. 1118).

(4) Section 937 of the National Defense Authorization Act for Fiscal Year 2014 (Public Law 113-66; 10 U.S.C. 2224 note).

### (c) Technologies

The technologies described in this subsection include the following:

(1) Technology acquired, developed, and used by Combat Support Agencies of the Department of Defense to discover flaws and weaknesses in software code by inputting immense quantities of pseudo-random data (commonly referred to as “fuzz”) to identify inputs that cause the software to fail or degrade.

(2) Cloud-based software fuzzing-as-a-service to continuously test the security of Department of Defense software repositories at large scale.

(3) Formal programming and protocol language for software code development and other methods and tools developed under various programs such as the High Assurance Cyber Military Systems program of the Defense Advanced Research Projects Agency.

(4) The binary analysis and symbolic execution software security tools developed under the Cyber Grand Challenge of the Defense Advanced Research Projects Agency.

(5) Any other advanced or immature technologies with respect to which the Department of Defense determines there is particular potential for application to the vulnerability assessment and remediation of the systems specified in subsection (a).

## Subtitle D Nuclear Forces