Sec. 1739. ASSESSMENT ON DEFENSE INDUSTRIAL BASE CYBERSECURITY THREAT HUNTING PROGRAM
## SEC. 1739 ASSESSMENT ON DEFENSE INDUSTRIAL BASE CYBERSECURITY THREAT HUNTING PROGRAM

**[**[10 U.S.C. 2224 note](/us/usc/t10/s2224)**]**

### (a) Assessment Required

Not later than 270 days after the date of the enactment of this Act, the Secretary of Defense shall complete an assessment of the feasibility, suitability, definition of, and resourcing required to establish a defense industrial base cybersecurity threat hunting program to actively identify cybersecurity threats and vulnerabilities within the defense industrial base.

### (b) Elements

The assessment required under section (a) shall include evaluation of the following:

(1) Existing defense industrial base cybersecurity threat hunting policies and programs, including the threat hunting elements at each level of the compliance-based Cybersecurity Maturity Model Certification program of the Department of Defense, including requirements germane to continuous monitoring, discovery, and investigation of anomalous activity indicative of a cybersecurity incident.

(2) The suitability of a continuous cybersecurity threat hunting program, as a supplement to the cyber hygiene requirements of the Cybersecurity Maturity Model Certification, including consideration of the following:

(A) Collection and analysis of metadata on network activity to detect possible intrusions.

(B) Rapid investigation and remediation of possible intrusions.

(C) Requirements for mitigating any vulnerabilities identified pursuant to the cybersecurity threat hunting program.

(D) Mechanisms for the Department of Defense to share with entities in the defense industrial base malicious code, indicators of compromise, and insights on the evolving threat landscape.

(3) Recommendations with respect to cybersecurity threat hunting program participation of prime contractors and subcontractors, including relating to the following:

(A) Incentives for defense industrial base entities to share with the Department of Defense threat and vulnerability information collected pursuant to threat monitoring and hunting activities.

(B) Mandating minimum levels of program participation for any defense industrial base entity.

(C) Procurement prohibitions on any defense industrial base entity that is not in compliance with the requirements of the cybersecurity threat hunting program.

(D) Waiver authority and criteria.

(E) Consideration of a tiered cybersecurity threat hunting program that takes into account the following:

(i) The cybersecurity maturity of defense industrial base entities.

(ii) The roles of such entities.

(iii) Whether each such entity possesses classified information or controlled unclassified information and covered defense networks.

(iv) The covered defense information to which each such entity has access as a result of contracts with the Department of Defense.

(4) Whether the continuous cybersecurity threat-hunting program described in paragraph (2) should be conducted by—

(A) qualified prime contractors or subcontractors;

(B) accredited third-party cybersecurity vendors;

(C) with contractor consent—

(i) United States Cyber Command; or

(ii) a component of the Department of Defense other than United States Cyber Command;

(D) the deployment of network sensing technologies capable of identifying and filtering malicious network traffic; or

(E) a combination of the entities specified in subparagraphs (A) through (D).

(5) The resources necessary, governance structures or changes in regulation or law needed, and responsibility for execution of a defense industrial base cybersecurity threat hunting program, as well as any other considerations determined relevant by the Secretary.

(6) A timeline for establishing the defense industrial base cybersecurity threat hunting program not later than two years after the date of the enactment of this Act.

(7) Identification of any barriers that would prevent such establishment.

### (c) Consultation

In conducting the assessment required under subsection (a), the Secretary of Defense shall consult with and solicit recommendations from representative industry stakeholders across the defense industrial base regarding the elements described in subsection (b) and potential stakeholder costs of compliance.

### (d) Determination and Briefing

Upon completion of the assessment required under subsection (a), the Secretary of Defense shall make a determination regarding the establishment of a defense industrial base cybersecurity threat hunting program and provide a briefing to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives on—

(1) the findings of the Secretary with respect to such assessment and such determination; and

(2) such implementation plans as the Secretary may have arising from such findings.

### (e) Implementation

If the Secretary of Defense makes a positive determination pursuant to subsection (d) of the feasibility and suitability of establishing a defense industrial base threat cybersecurity threat hunting program, the Secretary shall establish such program. Not later than 180 days after a positive determination, the Secretary of Defense shall promulgate such rules and regulations as are necessary to establish the defense industrial base cybersecurity threat hunting program under this section.