
From the U.S. Code Online via GPO Access
[wais.access.gpo.gov]
[Laws in effect as of January 2, 2001]
[Document not affected by Public Laws enacted between
  January 2, 2001 and January 28, 2002]
[CITE: 10USC2224]

 
                         TITLE 10--ARMED FORCES
 
                    Subtitle A--General Military Law
 
                PART IV--SERVICE, SUPPLY, AND PROCUREMENT
 
                 CHAPTER 131--PLANNING AND COORDINATION
 
Sec. 2224. Defense Information Assurance Program

    (a) Defense Information Assurance Program.--The Secretary of Defense 
shall carry out a program, to be known as the ``Defense Information 
Assurance Program'', to protect and defend Department of Defense 
information, information systems, and information networks that are 
critical to the Department and the armed forces during day-to-day 
operations and operations in times of crisis.
    (b) Objectives and Minimum Requirements.--(1) The objectives of the 
program shall be to provide continuously for the availability, 
integrity, authentication, confidentiality, nonrepudiation, and rapid 
restitution of information and information systems that are essential 
elements of the Defense Information Infrastructure.
    (2) The program shall at a minimum meet the requirements of sections 
3534 and 3535 of title 44.
    (c) Program Strategy.--In carrying out the program, the Secretary 
shall develop a program strategy that encompasses those actions 
necessary to assure the readiness, reliability, continuity, and 
integrity of Defense information systems, networks, and infrastructure. 
The program strategy shall include the following:
        (1) A vulnerability and threat assessment of elements of the 
    defense and supporting nondefense information infrastructures that 
    are essential to the operations of the Department and the armed 
    forces.
        (2) Development of essential information assurances technologies 
    and programs.
        (3) Organization of the Department, the armed forces, and 
    supporting activities to defend against information warfare.
        (4) Joint activities of the Department with other departments 
    and agencies of the Government, State and local agencies, and 
    elements of the national information infrastructure.
        (5) The conduct of exercises, war games, simulations, 
    experiments, and other activities designed to prepare the Department 
    to respond to information warfare threats.
        (6) Development of proposed legislation that the Secretary 
    considers necessary for implementing the program or for otherwise 
    responding to the information warfare threat.

    (d) Coordination.--In carrying out the program, the Secretary shall 
coordinate, as appropriate, with the head of any relevant Federal agency 
and with representatives of those national critical information 
infrastructure systems that are essential to the operations of the 
Department and the armed forces on information assurance measures 
necessary to the protection of these systems.
    (e) Annual Report.--Each year, at or about the time the President 
submits the annual budget for the next fiscal year pursuant to section 
1105 of title 31, the Secretary shall submit to Congress a report on the 
Defense Information Assurance Program. Each report shall include the 
following:
        (1) Progress in achieving the objectives of the program.
        (2) A summary of the program strategy and any changes in that 
    strategy.
        (3) A description of the information assurance activities of the 
    Office of the Secretary of Defense, Joint Staff, unified and 
    specified commands, Defense Agencies, military departments, and 
    other supporting activities of the Department of Defense.
        (4) Program and budget requirements for the program for the past 
    fiscal year, current fiscal year, budget year, and each succeeding 
    fiscal year in the remainder of the current future-years defense 
    program.
        (5) An identification of critical deficiencies and shortfalls in 
    the program.
        (6) Legislative proposals that would enhance the capability of 
    the Department to execute the program.
        (7) A summary of the actions taken in the administration of 
    sections 3534 and 3535 of title 44 within the Department of Defense.

    (f) Information Assurance Test Bed.--The Secretary shall develop an 
information assurance test bed within the Department of Defense to 
provide--
        (1) an integrated organization structure to plan and facilitate 
    the conduct of simulations, war games, exercises, experiments, and 
    other activities to prepare and inform the Department regarding 
    information warfare threats; and
        (2) organization and planning means for the conduct by the 
    Department of the integrated or joint exercises and experiments with 
    elements of the national information systems infrastructure and 
    other non-Department of Defense organizations that are responsible 
    for the oversight and management of critical information systems and 
    infrastructures on which the Department, the armed forces, and 
    supporting activities depend for the conduct of daily operations and 
    operations during crisis.

(Added Pub. L. 106-65, div. A, title X, Sec. 1043(a), Oct. 5, 1999, 113 
Stat. 760; amended Pub. L. 106-398, Sec. 1 [[div. A], title X, 
Sec. 1063], Oct. 30, 2000, 114 Stat. 1654, 1654A-274.)


                               Amendments

    2000--Subsec. (b). Pub. L. 106-398, Sec. 1 [[div. A], title X, 
Sec. 1063(a)], substituted ``Objectives and Minimum Requirements'' for 
``Objectives of the Program'' in heading, designated existing provisions 
as par. (1), and added par. (2).
    Subsec. (e)(7). Pub. L. 106-398, Sec. 1 [[div. A], title X, 
Sec. 1063(b)], added par. (7).


                    Effective Date of 2000 Amendment

    Amendment by Pub. L. 106-398 effective 30 days after Oct. 30, 2000, 
see section 1 [[div. A], title X, Sec. 1065] of Pub. L. 106-398, set out 
as an Effective Date note under section 3531 of Title 44, Public 
Printing and Documents.


   Institute for Defense Computer Security and Information Protection

    Pub. L. 106-398, Sec. 1 [[div. A], title IX, Sec. 921], Oct. 30, 
2000, 114 Stat. 1654, 1654A-233, provided that:
    ``(a) Establishment.--The Secretary of Defense shall establish an 
Institute for Defense Computer Security and Information Protection.
    ``(b) Mission.--The Secretary shall require the institute--
        ``(1) to conduct research and technology development that is 
    relevant to foreseeable computer and network security requirements 
    and information assurance requirements of the Department of Defense 
    with a principal focus on areas not being carried out by other 
    organizations in the private or public sector; and
        ``(2) to facilitate the exchange of information regarding 
    cyberthreats, technology, tools, and other relevant issues.
    ``(c) Contractor Operation.--The Secretary shall enter into a 
contract with a not-for-profit entity, or a consortium of not-for-profit 
entities, to organize and operate the institute. The Secretary shall use 
competitive procedures for the selection of the contractor to the extent 
determined necessary by the Secretary.
    ``(d) Funding.--Of the amount authorized to be appropriated by 
section 301(5) [114 Stat. 1654A-52], $5,000,000 shall be available for 
the Institute for Defense Computer Security and Information Protection.
    ``(e) Report.--Not later than April 1, 2001, the Secretary shall 
submit to the congressional defense committees [Committees on Armed 
Services and Appropriations of the Senate and the House of 
Representatives] the Secretary's plan for implementing this section.''
