Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · STATUTE-COMPILATIONS · James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 · Sec. 6714

Sec. 6714. HARMONIZATION OF AUTHORIZATIONS TO OPERATE

978 words·~4 min read·/statute-compilations/comps-17475/sec-6714

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

## SEC. 6714 HARMONIZATION OF AUTHORIZATIONS TO OPERATE **[**[50 U.S.C. 3024 note](/us/usc/t50/s3024)**]** ###
(a)Definition of Appropriate Committees of Congress In this section, the term “appropriate committees of Congress” means— ####
(1)the congressional intelligence committees; ####
(2)the Committee on Armed Services of the Senate; ####
(3)the Committee on Appropriations of the Senate; ####
(4)the Committee on Armed Services of the House of Representatives; and ####
(5)the Committee on Appropriations of the House of Representatives. ###
(b)Protocol Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence, in coordination with the Secretary of Defense and the heads of the elements of the intelligence community, shall develop and submit to the appropriate committees of Congress a single protocol setting forth policies and procedures relating to authorizations to operate for Department of Defense or intelligence community systems held by industry providers. ###
(c)Limitation The protocol under subsection
(b)shall be limited to authorizations to operate for Department of Defense and intelligence community systems. ###
(d)Elements The protocol under subsection
(b)shall include, at a minimum, the following: ####
(1)A policy for reciprocal recognition, as appropriate, among the elements of the intelligence community and the Department of Defense of authorizations to operate held by commercial providers. Such reciprocal recognition shall be limited to authorizations to operate for systems that collect, process, maintain, use, share, disseminate, or dispose of data classified at an equal or lower classification level than the original authorization. ####
(2)Procedures under which, subject to such criteria as may be prescribed by the Director of National Intelligence jointly with the Secretary of Defense, a provider that holds an authorization to operate for a Department of Defense or intelligence community system may provide to the head of an element of the intelligence community or the Department of Defense the most recently updated version of any software, data, or application for use on such system without being required to submit an application for new or renewed authorization. ####
(3)Procedures for the review, renewal, and revocation of authorizations to operate held by commercial providers, including procedures for maintaining continuous authorizations to operate, subject to such conditions as may be prescribed by the Director of National Intelligence, in coordination with the Secretary of Defense. Such procedures may encourage greater use of modern security practices already being adopted by the Department of Defense and other Federal agencies, such as continuous authorization with system security focused on continuous monitoring of risk and security controls, active system defense, and the use of an approved mechanism for secure and continuous delivery of software (commonly referred to as “DevSecOps”). ####
(4)A policy for the harmonization of documentation requirements for commercial providers submitting applications for authorizations to operate, with the goal of a uniform requirement across the Department of Defense and the elements of the intelligence community (subject to exceptions established by the Director and the Secretary). Such policy shall include the following requirements: #####
(A)A requirement for the full disclosure of evidence in the reciprocity process across the Department of Defense and the elements of the intelligence community. #####
(B)With respect to a system with an existing authorization to operate, a requirement for approval by the Chief Information Officer or a designated official (as the head of the respective element of the intelligence community determines appropriate) for such system to operate at an equal or higher level classification level, to be granted prior to the performance of an additional security assessment with respect to such system, and regardless of which element of the intelligence community or Department of Defense granted the original authorization. ####
(5)A requirement to establish a joint secure portal of the Office of the Director of National Intelligence and the Department of Defense for the maintenance of records, applications, and system requirements for authorizations to operate. ####
(6)A plan to examine, and if necessary, address, the shortage of intelligence community and Department of Defense personnel authorized to support and grant an authorization to operate. Such plan shall include— #####
(A)a report on the current average wait times for authorizations to operate and backlogs, disaggregated by each element of the intelligence community and the Department of Defense; #####
(B)appropriate recommendations to increase pay or implement other incentives to recruit and retain such personnel; and #####
(C)a plan to leverage independent third-party assessment organizations to support assessments of applications for authorizations to operate. ####
(7)Procedures to ensure data security and safety with respect to the implementation of the protocol. ####
(8)A proposed timeline for the implementation of the protocol by the deadline specified in subsection (g). ###
(e)Coordinating Officials Not later than 60 days after the date of the enactment of this Act— ####
(1)the Director of National Intelligence shall designate an official of the Office of the Director of National Intelligence responsible for implementing this section on behalf of the Director and leading coordination across the intelligence community for such implementation; ####
(2)the Secretary of Defense shall designate an official of the Department of Defense responsible for implementing this section on behalf of the Secretary and leading coordination across the Department of Defense for such implementation; and ####
(3)each head of an element of the intelligence community shall designate an official of that element responsible for implementing this section and overseeing implementation of the protocol under subsection
(b)with respect to the element. ###
(f)Documentation Requirements Under the protocol under subsection (b), no head of a Federal agency may commence the operation of a system using an authorization to operate granted by another Federal agency without possessing documentation of the original authorization to operate. ###
(g)Implementation Required The protocol under subsection
(b)shall be implemented not later than January 1, 2025.
Connectionstraces to 1
Citation graph
cites case law
Sec. 6714
HARMONIZATION OF AUTHORIZATIONS TO OPERATE
U.S.C.§ 3024
Cites 1Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.