2018 US Code
Title 10 - Armed Forces
Subtitle A - General Military Law
Part IV - Service, Supply, and Procurement
Chapter 131 - Planning and Coordination
Sec. 2223 - Information technology: additional responsibilities of Chief Information Officers
| 10 U.S.C. § 2223 (2018) |
| §2223. Information technology: additional responsibilities of Chief Information Officers |
|
(a) Additional Responsibilities of Chief Information Officer of Department of Defense.—In addition to the responsibilities provided for in chapter 35 of title 44 and in section 11315 of title 40, the Chief Information Officer of the Department of Defense shall— (1) review and provide recommendations to the Secretary of Defense on Department of Defense budget requests for information technology and national security systems; (2) ensure the interoperability of information technology and national security systems throughout the Department of Defense; (3) ensure that information technology and national security systems standards that will apply throughout the Department of Defense are prescribed; (4) provide for the elimination of duplicate information technology and national security systems within and between the military departments and Defense Agencies; and (5) maintain a consolidated inventory of Department of Defense mission critical and mission essential information systems, identify interfaces between those systems and other information systems, and develop and maintain contingency plans for responding to a disruption in the operation of any of those information systems. (b) Additional Responsibilities of Chief Information Officer of Military Departments.—In addition to the responsibilities provided for in chapter 35 of title 44 and in section 11315 of title 40, the Chief Information Officer of a military department, with respect to the military department concerned, shall— (1) review budget requests for all information technology and national security systems; (2) ensure that information technology and national security systems are in compliance with standards of the Government and the Department of Defense; (3) ensure that information technology and national security systems are interoperable with other relevant information technology and national security systems of the Government and the Department of Defense; and (4) coordinate with the Joint Staff with respect to information technology and national security systems. (c) Definitions.—In this section: (1) The term "Chief Information Officer" means the senior official designated by the Secretary of Defense or a Secretary of a military department pursuant to section 3506 of title 44. (2) The term "information technology" has the meaning given that term by section 11101 of title 40. (3) The term "national security system" has the meaning given that term by section 3552(b)(6) of title 44. |
|
(Added Pub. L. 105–261, div. A, title III, §331(a)(1), Oct. 17, 1998, 112 Stat. 1967; amended Pub. L. 106–398, §1 [[div. A], title VIII, §811(a)], Oct. 30, 2000, 114 Stat. 1654, 1654A–210; Pub. L. 107–217, §3(b)(1), Aug. 21, 2002, 116 Stat. 1295; Pub. L. 109–364, div. A, title IX, §906(b), Oct. 17, 2006, 120 Stat. 2354; Pub. L. 113–283, §2(e)(5)(B), Dec. 18, 2014, 128 Stat. 3087; Pub. L. 114–92, div. A, title X, §1081(a)(7), Nov. 25, 2015, 129 Stat. 1001.) |
|
AMENDMENTS
2015—Subsec. (c)(3). Pub. L. 114–92 substituted "section 3552(b)(6)" for "section 3552(b)(5)". 2014—Subsec. (c)(3). Pub. L. 113–283 substituted "section 3552(b)(5)" for "section 3542(b)(2)". 2006—Subsec. (c)(3). Pub. L. 109–364 substituted "section 3542(b)(2) of title 44" for "section 11103 of title 40". 2002—Subsecs. (a), (b). Pub. L. 107–217, §3(b)(1)(A), (B), substituted "section 11315 of title 40" for "section 5125 of the Clinger-Cohen Act of 1996 (40 U.S.C. 1425)" in introductory provisions. Subsec. (c)(2). Pub. L. 107–217, §3(b)(1)(C), substituted "section 11101 of title 40" for "section 5002 of the Clinger-Cohen Act of 1996 (40 U.S.C. 1401)". Subsec. (c)(3). Pub. L. 107–217, §3(b)(1)(D), substituted "section 11103 of title 40" for "section 5142 of the Clinger-Cohen Act of 1996 (40 U.S.C. 1452)". 2000—Subsec. (a)(5). Pub. L. 106–398 added par. (5). EFFECTIVE DATEPub. L. 105–261, div. A, title III, §331(b), Oct. 17, 1998, 112 Stat. 1968, provided that: "Section 2223 of title 10, United States Code, as added by subsection (a), shall take effect on October 1, 1998." PILOT PROGRAM FOR OPEN SOURCE SOFTWAREPub. L. 115–91, div. A, title VIII, §875, Dec. 12, 2017, 131 Stat. 1503, provided that: "(a) In General.—Not later than 180 days after the date of the enactment of this Act [Dec. 12, 2017], the Secretary of Defense shall initiate for the Department of Defense the open source software pilot program established by the Office of Management and Budget Memorandum M-16-21 titled 'Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software' and dated August 8, 2016. "(b) Report to Congress.—Not later than 60 days after the date of the enactment of this Act, the Secretary of Defense shall provide a report to Congress with details of the plan of the Department of Defense to implement the pilot program required by subsection (a). Such plan shall include identifying candidate software programs, selection criteria, intellectual property and licensing issues, and other matters determined by the Secretary. "(c) Comptroller General Report.—Not later than June 1, 2019, the Comptroller General of the United States shall provide a report to Congress on the implementation of the pilot program required by subsection (a) by the Secretary of Defense. The report shall address, at a minimum, the compliance of the Secretary with the requirements of the Office of Management and Budget Memorandum M-16-21, the views of various software and information technology stakeholders in the Department of Defense, and any other matters determined by the Comptroller General." PILOT PROGRAM ON EVALUATION OF COMMERCIAL INFORMATION TECHNOLOGYPub. L. 114–328, div. A, title II, §232, Dec. 23, 2016, 130 Stat. 2061, provided that: "(a) Pilot Program.—The Director of the Defense Information Systems Agency may carry out a pilot program to evaluate commercially available information technology tools to better understand the potential impact of such tools on networks and computing environments of the Department of Defense. "(b) Activities.—Activities under the pilot program may include the following: "(1) Prototyping, experimentation, operational demonstration, military user assessments, and other means of obtaining quantitative and qualitative feedback on the commercial information technology products. "(2) Engagement with the commercial information technology industry to— "(A) forecast military requirements and technology needs; and "(B) support the development of market strategies and program requirements before finalizing acquisition decisions and strategies. "(3) Assessment of novel or innovative commercial technology for use by the Department of Defense. "(4) Assessment of novel or innovative contracting mechanisms to speed delivery of capabilities to the Armed Forces. "(5) Solicitation of operational user input to shape future information technology requirements of the Department of Defense. "(c) Limitation on Availability of Funds.—Of the amounts authorized to be appropriated for research, development, test, and evaluation, Defense-wide, for each of fiscal years 2017 through 2022, not more than $15,000,000 may be expended on the pilot program in any such fiscal year." ADDITIONAL REQUIREMENTS RELATING TO THE SOFTWARE LICENSES OF THE DEPARTMENT OF DEFENSEPub. L. 113–66, div. A, title IX, §935, Dec. 26, 2013, 127 Stat. 833, provided that: "(a) Updated Plan.— "(1) Update.—The Chief Information Officer of the Department of the Defense shall, in consultation with the chief information officers of the military departments and the Defense Agencies, update the plan for the inventory of selected software licenses of the Department of Defense required under section 937 of the National Defense Authorization Act for 2013 [probably means the National Defense Authorization Act for Fiscal Year 2013] (Public Law 112–239; 10 U.S.C. 2223 note) to include a plan for the inventory of all software licenses of the Department of Defense for which a military department spends more than $5,000,000 annually on any individual title, including a comparison of licenses purchased with licenses in use. "(2) Elements.—The update required under paragraph (1) shall— "(A) include plans for implementing an automated solution capable of reporting the software license compliance position of the Department and providing a verified audit trail, or an audit trail otherwise produced and verified by an independent third party; "(B) include details on the process and business systems necessary to regularly perform reviews, a procedure for validating and reporting deregistering and registering new software, and a mechanism and plan to relay that information to the appropriate chief information officer; and "(C) a proposed timeline for implementation of the updated plan in accordance with paragraph (3). "(3) Submission.—Not later than September 30, 2015, the Chief Information Officer of the Department of Defense shall submit to the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives] the updated plan required under paragraph (1). "(b) Performance Plan.—If the Chief Information Officer of the Department of Defense determines through the implementation of the process and business systems in the updated plan required by subsection (a) that the number of software licenses of the Department for an individual title for which a military department spends greater than $5,000,000 annually exceeds the needs of the Department for such software licenses, or the inventory discloses that there is a discrepancy between the number of software licenses purchased and those in actual use, the Chief Information Officer of the Department of Defense shall implement a plan to bring the number of such software licenses into balance with the needs of the Department and the terms of any relevant contract." COLLECTION AND ANALYSIS OF NETWORK FLOW DATAPub. L. 112–239, div. A, title IX, §935, Jan. 2, 2013, 126 Stat. 1886, provided that: "(a) Development of Technologies.—The Chief Information Officer of the Department of Defense may, in coordination with the Under Secretary of Defense for Policy and the Under Secretary of Defense for Intelligence and acting through the Director of the Defense Information Systems Agency, use the available funding and research activities and capabilities of the Community Data Center of the Defense Information Systems Agency to develop and demonstrate collection, processing, and storage technologies for network flow data that— "(1) are potentially scalable to the volume used by Tier 1 Internet Service Providers to collect and analyze the flow data across their networks; "(2) will substantially reduce the cost and complexity of capturing and analyzing high volumes of flow data; and "(3) support the capability— "(A) to detect and identify cyber security threats, networks of compromised computers, and command and control sites used for managing illicit cyber operations and receiving information from compromised computers; "(B) to track illicit cyber operations for attribution of the source; and "(C) to provide early warning and attack assessment of offensive cyber operations. "(b) Coordination.—Any research and development required in the development of the technologies described in subsection (a) shall be conducted in cooperation with the heads of other appropriate departments and agencies of the Federal Government and, whenever feasible, Tier 1 Internet Service Providers and other managed security service providers." COMPETITION FOR LARGE-SCALE SOFTWARE DATABASE AND DATA ANALYSIS TOOLSPub. L. 112–239, div. A, title IX, §936, Jan. 2, 2013, 126 Stat. 1886, provided that: "(a) Analysis.— "(1) Requirement.—The Secretary of Defense, acting through the Chief Information Officer of the Department of Defense, shall conduct an analysis of large-scale software database tools and large-scale software data analysis tools that could be used to meet current and future Department of Defense needs for large-scale data analytics. "(2) Elements.—The analysis required under paragraph (1) shall include— "(A) an analysis of the technical requirements and needs for large-scale software database and data analysis tools, including prioritization of key technical features needed by the Department of Defense; and "(B) an assessment of the available sources from Government and commercial sources to meet such needs, including an assessment by the Deputy Assistant Secretary of Defense for Manufacturing and Industrial Base Policy to ensure sufficiency and diversity of potential commercial sources. "(3) Submission.—Not later than 180 days after the date of the enactment of this Act [Jan. 2, 2013], the Chief Information Officer shall submit to the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives] the results of the analysis required under paragraph (1). "(b) Competition Required.— "(1) In general.—If, following the analysis required under subsection (a), the Chief Information Officer of the Department of Defense identifies needs for software systems or large-scale software database or data analysis tools, the Department shall acquire such systems or such tools based on market research and using competitive procedures in accordance with applicable law and the Defense Federal Acquisition Regulation Supplement. "(2) Notification.—If the Chief Information Officer elects to acquire large-scale software database or data analysis tools using procedures other than competitive procedures, the Chief Information Officer and the Under Secretary of Defense for Acquisition, Technology, and Logistics shall submit a written notification to the congressional defense committees on a quarterly basis until September 30, 2018, that describes the acquisition involved, the date the decision was made, and the rationale for not using competitive procedures." Pub. L. 112–239, div. A, title IX, §937, Jan. 2, 2013, 126 Stat. 1887, provided that: "(a) Plan for Inventory of Licenses.— "(1) In general.—Not later than 180 days after the date of the enactment of this Act [Jan. 2, 2013], the Chief Information Officer of the Department of the [sic] Defense shall, in consultation with the chief information officers of the military departments and the Defense Agencies, issue a plan for the inventory of selected software licenses of the Department of Defense, including a comparison of licenses purchased with licenses installed. "(2) Selected software licenses.—The Chief Information Officer shall determine the software licenses to be treated as selected software licenses of the Department for purposes of this section. The licenses shall be determined so as to maximize the return on investment in the inventory conducted pursuant to the plan required by paragraph (1). "(3) Plan elements.—The plan under paragraph (1) shall include the following: "(A) An identification and explanation of the software licenses determined by the Chief Information Officer under paragraph (2) to be selected software licenses for purposes of this section, and a summary outline of the software licenses determined not to be selected software licenses for such purposes. "(B) Means to assess the needs of the Department and the components of the Department for selected software licenses during the two fiscal years following the date of the issuance of the plan. "(C) Means by which the Department can achieve the greatest possible economies of scale and cost savings in the procurement, use, and optimization of selected software licenses. "(b) Performance Plan.—If the Chief Information Officer determines through the inventory conducted pursuant to the plan required by subsection (a) that the number of selected software licenses of the Department and the components of the Department exceeds the needs of the Department for such software licenses, the Secretary of Defense shall implement a plan to bring the number of such software licenses into balance with the needs of the Department." OZONE WIDGET FRAMEWORKPub. L. 112–81, div. A, title IX, §924, Dec. 31, 2011, 125 Stat. 1539, provided that: "(a) Mechanism for Internet Publication of Information for Development of Analysis Tools and Applications.—The Chief Information Officer of the Department of Defense, acting through the Director of the Defense Information Systems Agency, shall implement a mechanism to publish and maintain on the public Internet the application programming interface specifications, a developer's toolkit, source code, and such other information on, and resources for, the Ozone Widget Framework (OWF) as the Chief Information Officer considers necessary to permit individuals and companies to develop, integrate, and test analysis tools and applications for use by the Department of Defense and the elements of the intelligence community. "(b) Process for Voluntary Contribution of Improvements by Private Sector.—In addition to the requirement under subsection (a), the Chief Information Officer shall also establish a process by which private individuals and companies may voluntarily contribute the following: "(1) Improvements to the source code and documentation for the Ozone Widget Framework. "(2) Alternative or compatible implementations of the published application programming interface specifications for the Framework. "(c) Encouragement of Use and Development.—The Chief Information Officer shall, whenever practicable, encourage and foster the use, support, development, and enhancement of the Ozone Widget Framework by the computer industry and commercial information technology vendors, including the development of tools that are compatible with the Framework." CONTINUOUS MONITORING OF DEPARTMENT OF DEFENSE INFORMATION SYSTEMS FOR CYBERSECURITYPub. L. 111–383, div. A, title IX, §931, Jan. 7, 2011, 124 Stat. 4334, provided that: "(a) In General.—The Secretary of Defense shall direct the Chief Information Officer of the Department of Defense to work, in coordination with the Chief Information Officers of the military departments and the Defense Agencies and with senior cybersecurity and information assurance officials within the Department of Defense and otherwise within the Federal Government, to achieve, to the extent practicable, the following: "(1) The continuous prioritization of the policies, principles, standards, and guidelines developed under section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3) with agencies and offices operating or exercising control of national security systems (including the National Security Agency) based upon the evolving threat of information security incidents with respect to national security systems, the vulnerability of such systems to such incidents, and the consequences of information security incidents involving such systems. "(2) The automation of continuous monitoring of the effectiveness of the information security policies, procedures, and practices within the information infrastructure of the Department of Defense, and the compliance of that infrastructure with such policies, procedures, and practices, including automation of— "(A) management, operational, and technical controls of every information system identified in the inventory required under section 3505(c) of title 44, United States Code; and "(B) management, operational, and technical controls relied on for evaluations under [former] section 3545 of title 44, United States Code [see now 44 U.S.C. 3555]. "(b) Definitions.—In this section: "(1) The term 'information security incident' means an occurrence that— "(A) actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information such system processes, stores, or transmits; or "(B) constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies with respect to an information system. "(2) The term 'information infrastructure' means the underlying framework, equipment, and software that an information system and related assets rely on to process, transmit, receive, or store information electronically. "(3) The term 'national security system' has the meaning given that term in [former] section 3542(b)(2) of title 44, United States Code [see now 44 U.S.C. 3552(b)(6)]." |
| United States Code, 2018 Edition, Title 10 - ARMED FORCES |
| Bills and Statutes |
| United States Code |
| Y 1.2/5: |
| Title 10 - ARMED FORCES Subtitle A - General Military Law PART IV - SERVICE, SUPPLY, AND PROCUREMENT CHAPTER 131 - PLANNING AND COORDINATION Sec. 2223 - Information technology: additional responsibilities of Chief Information Officers |
| section 2223 |
| 2018 |
| January 14, 2019 |
| Yes |
| standard |
| 112 Stat. 1967, 1968 114 Stat. 1654 116 Stat. 1295 120 Stat. 2354 124 Stat. 4334 125 Stat. 1539 126 Stat. 1886, 1887 127 Stat. 833 128 Stat. 3087 129 Stat. 1001 130 Stat. 2061 131 Stat. 1503 |
| Public Law 105-261, Public Law 106-398, Public Law 107-217, Public Law 109-364, Public Law 111-383, Public Law 112-81, Public Law 112-239, Public Law 113-66, Public Law 113-283, Public Law 114-92, Public Law 114-328, Public Law 115-91 |
