Code · STATUTE-COMPILATIONS · William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 · Sec. 835


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

## SEC. 835 BALANCING SECURITY AND INNOVATION IN SOFTWARE DEVELOPMENT AND ACQUISITION

**[**[10 U.S.C. 4571 note](/us/usc/t10/s4571)**]**

### (a) Requirements for Solicitations of Commercial and Developmental Solutions

The Under Secretary of Defense for Acquisition and Sustainment, in coordination with the Chief Information Officer of the Department of Defense, shall develop requirements for appropriate software security criteria to be included in solicitations for commercial and developmental solutions and the evaluation of bids submitted in response to such solicitations, including a delineation of what processes were or will be used for a secure software development life cycle. Such requirements shall include—

(1) establishment and enforcement of secure coding practices;

(2) management of supply chain risks and third-party software sources and component risks;

(3) security of the software development environment;

(4) secure deployment, configuration, and installation processes; and

(5) an associated vulnerability management plan and identification of tools that will be applied to achieve an appropriate level of security.

### (b) Security Review of Code

The Under Secretary of Defense for Acquisition and Sustainment, in coordination with the Chief Information Officer of the Department of Defense, shall develop—

(1) procedures for the security review of code; and

(2) other procedures necessary to fully implement the pilot program required under section 875 of the National Defense Authorization Act for Fiscal Year 2018 (Public Law 115-91; 10 U.S.C. 2223 note).

### (c) Coordination With Cybersecurity Acquisition Policy Efforts

The Under Secretary of Defense for Acquisition and Sustainment shall develop the requirements and procedures described under subsections (a) and (b) in coordination with the efforts of the Department of Defense to develop new cybersecurity and program protection policies and guidance that are focused on cybersecurity in the context of acquisition and program management and on safeguarding information.