§2224. Defense Information Assurance Program
(a) Defense Information Assurance Program.-The Secretary of Defense shall carry out a program, to be known as the "Defense Information Assurance Program", to protect and defend Department of Defense information, information systems, and information networks that are critical to the Department and the armed forces during day-to-day operations and operations in times of crisis.
(b) Objectives and Minimum Requirements.-(1) The objectives of the program shall be to provide continuously for the availability, integrity, authentication, confidentiality, nonrepudiation, and rapid restitution of information and information systems that are essential elements of the Defense Information Infrastructure.
(2) The program shall at a minimum meet the requirements of sections 3534 and 3535 of title 44.
(c) Program Strategy.-In carrying out the program, the Secretary shall develop a program strategy that encompasses those actions necessary to assure the readiness, reliability, continuity, and integrity of Defense information systems, networks, and infrastructure. The program strategy shall include the following:
(1) A vulnerability and threat assessment of elements of the defense and supporting nondefense information infrastructures that are essential to the operations of the Department and the armed forces.
(2) Development of essential information assurances technologies and programs.
(3) Organization of the Department, the armed forces, and supporting activities to defend against information warfare.
(4) Joint activities of the Department with other departments and agencies of the Government, State and local agencies, and elements of the national information infrastructure.
(5) The conduct of exercises, war games, simulations, experiments, and other activities designed to prepare the Department to respond to information warfare threats.
(6) Development of proposed legislation that the Secretary considers necessary for implementing the program or for otherwise responding to the information warfare threat.
(d) Coordination.-In carrying out the program, the Secretary shall coordinate, as appropriate, with the head of any relevant Federal agency and with representatives of those national critical information infrastructure systems that are essential to the operations of the Department and the armed forces on information assurance measures necessary to the protection of these systems.
(e) Annual Report.-Each year, at or about the time the President submits the annual budget for the next fiscal year pursuant to section 1105 of title 31, the Secretary shall submit to Congress a report on the Defense Information Assurance Program. Each report shall include the following:
(1) Progress in achieving the objectives of the program.
(2) A summary of the program strategy and any changes in that strategy.
(3) A description of the information assurance activities of the Office of the Secretary of Defense, Joint Staff, unified and specified commands, Defense Agencies, military departments, and other supporting activities of the Department of Defense.
(4) Program and budget requirements for the program for the past fiscal year, current fiscal year, budget year, and each succeeding fiscal year in the remainder of the current future-years defense program.
(5) An identification of critical deficiencies and shortfalls in the program.
(6) Legislative proposals that would enhance the capability of the Department to execute the program.
(7) A summary of the actions taken in the administration of sections 3534 and 3535 of title 44 within the Department of Defense.
(f) Information Assurance Test Bed.-The Secretary shall develop an information assurance test bed within the Department of Defense to provide-
(1) an integrated organization structure to plan and facilitate the conduct of simulations, war games, exercises, experiments, and other activities to prepare and inform the Department regarding information warfare threats; and
(2) organization and planning means for the conduct by the Department of the integrated or joint exercises and experiments with elements of the national information systems infrastructure and other non-Department of Defense organizations that are responsible for the oversight and management of critical information systems and infrastructures on which the Department, the armed forces, and supporting activities depend for the conduct of daily operations and operations during crisis.
(Added Pub. L. 106–65, div. A, title X, §1043(a), Oct. 5, 1999, 113 Stat. 760; amended Pub. L. 106–398, §1 [[div. A], title X, §1063], Oct. 30, 2000, 114 Stat. 1654, 1654A-274.)
Amendments
2000-Subsec. (b). Pub. L. 106–398, §1 [[div. A], title X, §1063(a)], substituted "Objectives and Minimum Requirements" for "Objectives of the Program" in heading, designated existing provisions as par. (1), and added par. (2).
Subsec. (e)(7). Pub. L. 106–398, §1 [[div. A], title X, §1063(b)], added par. (7).
Effective Date of 2000 Amendment
Amendment by Pub. L. 106–398 effective 30 days after Oct. 30, 2000, see section 1 [[div. A], title X, §1065] of Pub. L. 106–398, set out as an Effective Date note under section 3531 of Title 44, Public Printing and Documents.
Institute for Defense Computer Security and Information Protection
Pub. L. 106–398, §1 [[div. A], title IX, §921], Oct. 30, 2000, 114 Stat. 1654, 1654A-233, provided that:
"(a) Establishment.-The Secretary of Defense shall establish an Institute for Defense Computer Security and Information Protection.
"(b) Mission.-The Secretary shall require the institute-
"(1) to conduct research and technology development that is relevant to foreseeable computer and network security requirements and information assurance requirements of the Department of Defense with a principal focus on areas not being carried out by other organizations in the private or public sector; and
"(2) to facilitate the exchange of information regarding cyberthreats, technology, tools, and other relevant issues.
"(c) Contractor Operation.-The Secretary shall enter into a contract with a not-for-profit entity, or a consortium of not-for-profit entities, to organize and operate the institute. The Secretary shall use competitive procedures for the selection of the contractor to the extent determined necessary by the Secretary.
"(d) Funding.-Of the amount authorized to be appropriated by section 301(5) [114 Stat. 1654A–52], $5,000,000 shall be available for the Institute for Defense Computer Security and Information Protection.
"(e) Report.-Not later than April 1, 2001, the Secretary shall submit to the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives] the Secretary's plan for implementing this section."