Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · STATUTE-COMPILATIONS · National Defense Authorization Act for Fiscal Year 2024 · Sec. 1516

Sec. 1516. ESTABLISHMENT OF CERTAIN IDENTITY, CREDENTIAL, AND ACCESS MANAGEMENT ACTIVITIES AS PROGRAM OF RECORD

587 words·~3 min read·/statute-compilations/comps-17632/sec-1516

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

## SEC. 1516 ESTABLISHMENT OF CERTAIN IDENTITY, CREDENTIAL, AND ACCESS MANAGEMENT ACTIVITIES AS PROGRAM OF RECORD **[**[10 U.S.C. 2224 note](/us/usc/t10/s2224)**]** ###
(a)Establishment of Program of Record ####
(1)Program of record Except as provided in subsection (b), not later than 120 days after the date of the enactment of this Act, the Secretary of Defense shall establish a program of record, governed by standard Department of Defense requirements and practices, and transition all covered activities to such program of record. ####
(2)Objectives The program of record under subsection
(a)shall include, at a minimum, covered activities undertaken to achieve the following objectives: #####
(A)Correcting weaknesses in authentication and credentialing security, including with respect to the program of the Department of Defense known as the “Public Key Infrastructure” program (or any successor program), identified by the Director of Operational Test and Evaluation in a report submitted to Congress in April, 2023, titled “FY14-21 Observations of the Compromise of Cyber Credentials”. #####
(B)Implementing improved authentication technologies, such as biometric and behavioral authentication techniques and other non-password-based solutions. ####
(3)Briefing Not later than 150 days after the date of the enactment of this Act, the Secretary of Defense shall provide to the congressional defense committees a briefing on the covered activities to be included under the program of record under subsection (a). ###
(b)Waiver Authority ####
(1)Authority The Secretary of Defense may waive the requirement under subsection
(a)if the Secretary of Defense determines that the objectives listed in paragraph
(2)of such subsection would be better achieved, and the level of rigor of the operational testing and oversight requirements applicable to such objectives would be improved, through a management approach other than the establishment of a program of record and transition of covered activities to such program of record. ####
(2)Justification Not later than 14 days after issuing a waiver under paragraph (1), the Secretary of Defense shall submit to the congressional defense committees a detailed justification for the waiver, including— #####
(A)an explanation of why the establishment of a program of record is not the preferred approach to achieve the objectives listed in subsection (a)(2); #####
(B)details relating to the management approach proposed to be implemented in lieu of the establishment of a program of record; #####
(C)an implementation plan for such proposed alternative approach; and #####
(D)such other information as the Secretary of Defense determines appropriate. ###
(c)Designation of Data Attributes Not later than 120 days after the date of the enactment of this Act, the Chief Information Officer of the Department of Defense, in coordination with the Secretaries of the military departments, shall complete the designation of Tier 1 level data attributes to be used as a baseline set of standardized attributes for identity, credential, and access management, Defense-wide. ###
(d)Briefing Upon completing the requirement under subsection (c), the Chief Information Officer of the Department of Defense and the Secretaries of the military departments shall provide to the Committees on Armed Services of the House of Representatives and the Senate a briefing on the activities carried out under this section. ###
(e)Definitions In this section: ####
(1)The term “covered activity” means any activity of the Office of the Secretary of Defense or a Defense Agency relating to the identity, credential, and access management initiative of the Department of Defense. ####
(2)The term “Defense Agency” has the meaning given that term in section 101 of title 10, United States Code.
Connectionstraces to 1
Citation graph
cites case law
Sec. 1516
ESTABLISHMENT OF CERTAIN IDENTITY, CREDENTIAL, AND ACCESS MANAGEMENT ACTIVITIES AS PROGRAM OF RECORD
U.S.C.§ 2224
Cites 1Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.