Sec. 1546. RISK FRAMEWORK FOR FOREIGN MOBILE APPLICATIONS OF CONCERN
559 words·~3 min read·
/statute-compilations/comps-18280/sec-1546A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 1546 RISK FRAMEWORK FOR FOREIGN MOBILE APPLICATIONS OF CONCERN ###
(a)In General Not later than 180 days after the date of the enactment of this Act, the Chief Information Officer of the Department of Defense, in coordination with the Under Secretary of Defense for Intelligence and Security, shall submit to Congress a report on— ####
(1)the feasibility and advisability of developing comprehensive guidance on personal mobile devices and mobile applications for personnel of the Department of Defense; ####
(2)the feasibility and advisability of developing categorical definitions of mobile applications of concern with respect to personnel or operations of the Department of Defense; ####
(3)the feasibility and advisability of creating, and updating not less than annually, a risk framework with respect to Department personnel or operations that assesses mobile applications or groupings thereof for potential risks to the personnel or operations of the Department, including— #####
(A)the collection, retention, sale, and potential misuse of data; #####
(B)exposure to misinformation and disinformation; #####
(C)software bill of materials; and #####
(D)ownership, origination, authorship, or other relationship of an application with the governments of the Russian Federation, the People’s Republic of China, the Islamic Republic of Iran, or the Democratic People’s Republic of Korea; ####
(4)a description of any statutory or policy restrictions affecting ability of the Department to provide guidance to personnel of the Department regarding personal mobile devices and applications, including any variations of such guidance based on location, status, visibility, or work role; and ####
(5)such other information as the Chief Information Officer of the Department of Defense determines appropriate. ###
(b)Annual Report Not later than 180 days after the date of the enactment of this Act, and annually thereafter until December 31, 2027, the Chief Information Officer of the Department of Defense, in coordination with the Under Secretary of Defense for Intelligence and Security, shall provide to Congress a report describing— ####
(1)not fewer than 10 mobile applications or application groupings of particular concern to the Department of Defense, including a description of the problematic characteristics of such applications or application groupings; ####
(2)the current guidance of the Department related to personal mobile devices and mobile applications and, except for the first report submitted under this subsection, including a description of any changes to such guidance during the period since the previous report was submitted under this subsection; ####
(3)the current and planned workforce education efforts undertaken by components of the Department that provide best practices, guidance, requirements, or other relevant material to personnel of the Department regarding personal mobile device and mobile applications, and, except for the first report submitted under this subsection, a description of any changes in such efforts during the period since the previous report was submitted under this subsection; and ####
(4)any changes to the assessments of feasibility and advisability in the report required under subsection (a). ###
(c)Update Briefing Not later than April 30, 2025, the Chief Information Officer of the Department of the Defense, in coordination with the Under Secretary of Defense for Intelligence and Security, shall provide to Congress a briefing on the status of the report required under subsection (a). ###
(d)Report Form The reports required under this section shall be in an unclassified form, but may include a classified annex.