Sec. 1529. DEMONSTRATION PROGRAM FOR AUTOMATED SECURITY VALIDATION TOOLS
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 1529 DEMONSTRATION PROGRAM FOR AUTOMATED SECURITY VALIDATION TOOLS **[**[10 U.S.C. 2224 note](/us/usc/t10/s2224)**]**

### (a) Demonstration Program Required

Not later than October 1, 2024, the Chief Information Officer of the Department of Defense, acting through the Director of the Defense Information Systems Agency of the Department, shall complete a demonstration program to demonstrate and assess an automated security validation capability to assist the Department by—

(1) mitigating cyber hygiene challenges;

(2) supporting ongoing efforts of the Department to assess weapon systems resiliency;

(3) quantifying enterprise security effectiveness of enterprise security controls, to inform future acquisition decisions of the Department;

(4) assisting portfolio managers with balancing capability costs and capability coverage of the threat landscape; and

(5) supporting the Department’s Cybersecurity Analysis and Review threat framework.

### (b) Considerations

In developing capabilities for the demonstration program required under subsection (a), the Chief Information Officer shall consider—

(1) integration into automated security validation tools of advanced commercially available threat intelligence;

(2) metrics and scoring of security controls;

(3) cyber analysis, cyber campaign tracking, and cybersecurity information sharing;

(4) integration into cybersecurity enclaves and existing cybersecurity controls of security instrumentation and testing capability;

(5) endpoint sandboxing; and

(6) use of actual adversary attack methodologies.

### (c) Coordination With Military Services

In carrying out the demonstration program required under subsection (a), the Chief Information Officer, acting through the Director of the Defense Information Systems Agency, shall coordinate demonstration program activities with complementary efforts on-going within the military services, defense agencies, and field agencies.

### (d) Independent Capability Assessment

In carrying out the demonstration program required under subsection (a), the Chief Information Officer, acting through the Director of the Defense Information Systems Agency and in coordination with the Director, Operational Test and Evaluation, shall perform operational testing to evaluate the operational effectiveness, suitability, and cybersecurity of the capabilities developed under the demonstration program.

### (e) Briefing

#### (1) Initial briefing

Not later than April 1, 2022, the Chief Information Officer shall brief the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives on the plans and status of the Chief Information Officer with respect to the demonstration program required under subsection (a).

#### (2) Final briefing

Not later than October 31, 2024, the Chief Information Officer shall brief the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives on the results and findings of the Chief Information Officer with respect to the demonstration program required under subsection (a).