Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · STATUTE-COMPILATIONS · William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 · Sec. 1727

Sec. 1727. REPORTING REQUIREMENTS FOR CROSS DOMAIN INCIDENTS AND EXEMPTIONS TO POLICIES FOR INFORMATION TECHNOLOGY

348 words·~2 min read·/statute-compilations/comps-16736/sec-1727

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

## SEC. 1727 REPORTING REQUIREMENTS FOR CROSS DOMAIN INCIDENTS AND EXEMPTIONS TO POLICIES FOR INFORMATION TECHNOLOGY **[**[10 U.S.C. 2224 note](/us/usc/t10/s2224)**]** ###
(a)Incident Reporting ####
(1)In general Effective beginning on the date of the enactment of this Act, the Secretary of Defense and the secretaries of the military services shall submit to the congressional defense committees a monthly report in writing that documents each instance or indication of a cross-domain incident within the Department of Defense. ####
(2)Procedures The Secretary of Defense shall submit to the congressional defense committees procedures for complying with the requirements of paragraph
(1)consistent with the national security of the United States and the protection of operational integrity. The Secretary shall promptly notify such committees in writing of any changes to such procedures at least 14 days prior to the adoption of any such changes. ####
(3)Definition In this subsection, the term “cross domain incident” means any unauthorized connection of any duration between software, hardware, or both that is either used on, or designed for use on a network or system built for classified data, and systems not accredited or authorized at the same or higher classification level, including systems on the public internet, regardless of whether the unauthorized connection is later determined to have resulted in the exfiltration, exposure, or spillage of data across the cross domain connection. ###
(b)Exemptions to Policy for Information Technology Not later than six months after the date of the enactment of this Act and biannually thereafter, the Secretary of Defense and the secretaries of the military services shall submit to the congressional defense committees a report in writing that enumerates and details each current exemption to information technology policy, interim Authority To Operate
(ATO)order, or both. Each such report shall include other relevant information pertaining to each such exemption, including relating to the following: ####
(1)Risk categorization. ####
(2)Duration. ####
(3)Estimated time remaining. ###
(c)Termination Date The requirement of the Secretary of Defense to submit a monthly report under subsection
(a)shall terminate on December 31, 2025.
Connectionstraces to 1
Citation graph
cites case law
Sec. 1727
REPORTING REQUIREMENTS FOR CROSS DOMAIN INCIDENTS AND EXEMPTIONS TO POLICIES FOR INFORMATION TECHNOLOGY
U.S.C.§ 2224
Cites 1Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.