Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · STATUTE-COMPILATIONS · National Defense Authorization Act for Fiscal Year 2024 · Sec. 1537

Sec. 1537. REQUIREMENTS FOR IMPLEMENTATION OF USER ACTIVITY MONITORING FOR CERTAIN PERSONNEL

369 words·~2 min read·/statute-compilations/comps-17632/sec-1537

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

## SEC. 1537 REQUIREMENTS FOR IMPLEMENTATION OF USER ACTIVITY MONITORING FOR CERTAIN PERSONNEL **[**[10 U.S.C. 2224 note](/us/usc/t10/s2224)**]** ###
(a)In General The Secretary of Defense shall require each head of a component of the Department of Defense to fully implement each directive, policy, and program requirement for user activity monitoring and least privilege access controls with respect to the personnel of that component, including Federal employees and contractors, granted access to classified information and classified networks, including the following directives (and any successor directives): ####
(1)The Committee on National Security Systems Directive 504, issued on February 4, 2014, relating to the protection of national security systems from insider threats (including any annex to such directive). ####
(2)Department of Defense Directive 5205.16, issued on September 30, 2014, relating to the insider threat program of the Department of Defense. ###
(b)Additional Requirement The Secretary of Defense shall require each head of a component of the Department of Defense to implement, with respect to systems, devices, and personnel of the component, automated controls to detect and prohibit privileged user accounts from performing general user activities not requiring privileged access. ###
(c)Periodic Testing The Secretary shall require that, not less frequently than once every two years, each head of a component of the Department of Defense— ####
(1)conducts insider threat testing using threat-realistic tactics, techniques, and procedures; and ####
(2)submits to the Under Secretary of Defense for Intelligence and Security, the Chief Information Officer of the Department of Defense, and the Director of Operational Test and Evaluation of the Department of Defense a report on the findings of the head with respect to the testing conducted pursuant to paragraph (1). ###
(d)Report Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall submit to the appropriate congressional committees a report on the implementation of this section. ###
(e)Appropriate Congressional Committees Defined In this section, the term “appropriate congressional committees” means— ####
(1)the Committee on Armed Services and the Permanent Select Committee on Intelligence of the House of Representatives; and ####
(2)the Committee on Armed Services and the Select Committee on Intelligence of the Senate.
Connectionstraces to 1
Citation graph
cites case law
Sec. 1537
REQUIREMENTS FOR IMPLEMENTATION OF USER ACTIVITY MONITORING FOR CERTAIN PERSONNEL
U.S.C.§ 2224
Cites 1Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.