2021 US Code
Title 10 - Armed Forces
Subtitle A - General Military Law
Part I - Organization and General Military Powers
Chapter 24 - Nuclear Posture
Sec. 499 - Annual assessment of cyber resiliency of nuclear command and control system

(a) In General.—Not less frequently than annually, the Commander of the United States Strategic Command and the Commander of the United States Cyber Command (in this section referred to collectively as the "Commanders") shall jointly conduct an assessment of the cyber resiliency of the nuclear command and control system.

(b) Elements.—In conducting the assessment required by subsection (a), the Commanders shall—

(c) Reports Required.—(1) For each assessment conducted under subsection (a), the Commanders shall jointly submit to the Chairman of the Joint Chiefs of Staff, for submission to the Council on Oversight of the National Leadership Command, Control, and Communications System established under section 171a of this title, a report on the assessment that includes the following:

(2) The Council shall submit to the Secretary of Defense each report required by paragraph (1) and any comments of the Council on each report.

(3) Not later than 90 days after the date of the submission of a report under paragraph (1), the Secretary of Defense shall submit to the congressional defense committees the report, any comments of the Council on the report under paragraph (2), and any comments of the Secretary on the report.

(d) Quarterly Briefings.—Not less than once every quarter, the Deputy Secretary of Defense and the Vice Chairman of the Joint Chiefs of Staff shall jointly provide to the Committees on Armed Services of the House of Representatives and the Senate a briefing on any known or suspected critical intelligence parameter breaches that were identified during the previous quarter, including an assessment of any known or suspected impacts of such breaches to the mission effectiveness of military capabilities as of the date of the briefing or thereafter.

(e) Termination.—The requirements of this section shall terminate on December 31, 2027.

(Added Pub. L. 115–91, div. A, title XVI, §1651(a), Dec. 12, 2017, 131 Stat. 1756; amended Pub. L. 117–81, div. A, title XV, §1534, Dec. 27, 2021, 135 Stat. 2054.)

2021—Subsec. (c). Pub. L. 117–81, §1534(1), substituted "Reports" for "Report" in heading.

Subsec. (c)(1). Pub. L. 117–81, §1534(2), substituted "For each assessment conducted under subsection (a), the Commanders" for "The Commanders" and "the assessment" for "the assessment required by subsection (a)" in introductory provisions.

Subsec. (c)(2). Pub. L. 117–81, §1534(3), which directed substitution of "each report" for "the report", was executed by making the substitution in both places it appeared, to reflect the probable intent of Congress.

Subsec. (c)(3). Pub. L. 117–81, §1534(4), substituted "Not later than 90 days after the date of the submission of a report under paragraph (1), the Secretary" for "The Secretary" and struck out "required by paragraph (1)" before ", any comments".

Pub. L. 116–283, div. A, title XVII, §1747, Jan. 1, 2021, 134 Stat. 4140, provided that:

"(a) Plan for Implementation of Findings and Recommendations From First Annual Assessment of Cyber Resiliency of Nuclear Command and Control System.—Not later than October 1, 2021, the Secretary of Defense shall submit to the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives] a comprehensive plan, including a schedule and resourcing plan, for the implementation of the findings and recommendations included in the first report submitted under section 499(c)(3) of title 10, United States Code.

"(b) Concept of Operations and Oversight Mechanism for Cyber Defense of Nuclear Command and Control System.—Not later than October 1, 2021, the Secretary shall develop and establish—