Sec. 1521. ENTERPRISE-WIDE PROCUREMENT OF CYBER DATA PRODUCTS AND SERVICES
748 words·~3 min read·
/statute-compilations/comps-16861/sec-1521A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 1521 ENTERPRISE-WIDE PROCUREMENT OF CYBER DATA PRODUCTS AND SERVICES **[**[10 U.S.C. 2224 note](/us/usc/t10/s2224)**]** ###
(a)Program Not later than one year after the date of the enactment of this Act, the Secretary of Defense shall designate an executive agent for Department of Defense-wide procurement of cyber data products and services. The executive agent shall establish a program management office responsible for such procurement, and the program manager of such program office shall be responsible for the following: ####
(1)Surveying components of the Department for the cyber data products and services needs of such components. ####
(2)Conducting market research of cyber data products and services. ####
(3)Developing or facilitating development of requirements, both independently and through consultation with components, for the acquisition of cyber data products and services. ####
(4)Developing and instituting model contract language for the acquisition of cyber data products and services, including contract language that facilitates components’ requirements for ingesting, sharing, using and reusing, structuring, and analyzing data derived from such products and services. ####
(5)Conducting procurement of cyber data products and services on behalf of the Department of Defense, including negotiating contracts with a fixed number of licenses based on aggregate component demand and negotiation of extensible contracts. ####
(6)Evaluating emerging cyber technologies, such as artificial intelligence-enabled security tools, for efficacy and applicability to the requirements of the Department of Defense. ####
(7)Carrying out the responsibilities specified in paragraphs
(1)through
(6)with respect to the cyber data products and services needs of the Cyberspace Operations Forces, such as cyber data products and services germane to cyberspace topology and identification of adversary threat activity and infrastructure, including— #####
(A)facilitating the development of cyber data products and services requirements for the Cyberspace Operations Forces, conducting market research regarding the future cyber data products and services needs of the Cyberspace Operations Forces, and conducting acquisitions pursuant to such requirements and market research; #####
(B)coordinating cyber data products and services acquisition and management activities with Joint Cyber Warfighting Architecture acquisition and management activities, including activities germane to data storage, data management, and development of analytics; #####
(C)implementing relevant Department of Defense and United States Cyber Command policy germane to acquisition of cyber data products and services; #####
(D)leading or informing the integration of relevant datasets and services, including Government-produced threat data, commercial cyber threat information, collateral telemetry data, topology-relevant data, sensor data, and partner-provided data; and #####
(E)facilitating the development of tradecraft and operational workflows based on relevant cyber data products and services. ###
(b)Coordination In implementing this section, each component of the Department of Defense shall coordinate its cyber data products and services requirements and potential procurement plans relating to such products and services with the program management office established pursuant to subsection
(a)so as to enable such office to determine if satisfying such requirements or procurement of such products and services on an enterprise-wide basis would serve the best interests of the Department. ###
(c)Prohibition Beginning not later than 540 days after the date of the enactment of this Act, no component of the Department of Defense may independently procure a cyber data product or service that has been procured by the program management office established pursuant to subsection (a), unless— ####
(1)such component is able to procure such product or service at a lower per-unit price than that available through such office; ####
(2)such office has approved such independent purchase; or ####
(3)such component submits to such office a justification for such component to independently procure such product or service that such component determines as demonstrating— #####
(A)the compelling need for such product or service; and #####
(B)either the urgency for such product or service or the need to ensure competition in the market for such product or service supports such independent procurement by such component. ###
(d)Exception United States Cyber Command and the National Security Agency may conduct joint procurements of products and services, including cyber data products and services, except that the requirements of subsections
(b)and
(c)shall not apply to the National Security Agency. ###
(e)Definition In this section, the term “cyber data products and services” means commercially-available datasets and analytic services germane to offensive cyber, defensive cyber, and DODIN operations, including products and services that provide technical data, indicators, and analytic services relating to the targets, infrastructure, tools, and tactics, techniques, and procedures of cyber threats.
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 1521
ENTERPRISE-WIDE PROCUREMENT OF CYBER DATA PRODUCTS AND SERVICES
Cites 1Cited by 0 across 0 sources