Quick search by citation:

10 U.S. Code § 142 - Chief Information Officer

(a)
There is a Chief Information Officer of the Department of Defense, who shall be appointed by the President, by and with the advice and consent of the Senate, from among civilians who are qualified to serve as such officer.
(b)
(1) The Chief Information Officer of the Department of Defense
(A)
is the Chief Information Officer of the Department of Defense for the purposes of sections 3506(a)(2) and 3544(a)(3) of title 44;
(B)
has the responsibilities and duties specified in sections 11315 and 11319 of title 40;
(C)
has the responsibilities specified for the Chief Information Officer in sections 2223(a) and 2224 of this title;
(D)
exercises authority, direction, and control over the Activities of the Cybersecurity Directorate, or any successor organization, of the National Security Agency, funded through the Information Systems Security Program;
(E)
exercises authority, direction, and control over the Defense Information Systems Agency, or any successor organization;
(F)
has the responsibilities for policy, oversight, guidance, and coordination for all Department of Defense matters related to electromagnetic spectrum, including coordination with other Federal and industry agencies, coordination for classified programs, and in coordination with the Under Secretary for Personnel and Readiness, policies related to spectrum management workforce;
(G)
has the responsibilities for policy, oversight, and guidance for matters related to precision navigation and timing; and
(H)
has the responsibilities for policy, oversight, and guidance for the architecture and programs related to the information technology, networking, information assurance, cybersecurity, and cyber capability architectures of the Department.
(2)
(A)
The Secretary of Defense, acting through the Under Secretary of Defense (Comptroller), shall require the Secretaries of the military departments and the heads of the Defense Agencies with responsibilities associated with any activity specified in paragraph (1) to transmit the proposed budget for such activities for a fiscal year and for the period covered by the future-years defense program submitted to Congress under section 221 of this title for that fiscal year to the Chief Information Officer for review under subparagraph (B) before submitting the proposed budget to the Under Secretary of Defense (Comptroller).
(B)
The Chief Information Officer shall review each proposed budget transmitted under subparagraph (A) and, not later than January 31 of the year preceding the fiscal year for which the budget is proposed, shall submit to the Secretary of Defense a report containing the comments of the Chief Information Officer with respect to all such proposed budgets, together with the certification of the Chief Information Officer regarding whether each proposed budget is adequate.
(C) Not later than March 31 of each year, the Secretary of Defense shall submit to Congress a report specifying each proposed budget contained in the most-recent report submitted under subparagraph (B) that the Chief Information Officer did not certify to be adequate. The report of the Secretary shall include the following matters:
(i)
A discussion of the actions that the Secretary proposes to take, together with any recommended legislation that the Secretary considers appropriate, to address the inadequacy of the proposed budgets specified in the report.
(ii)
Any additional comments that the Secretary considers appropriate regarding the inadequacy of the proposed budgets.
(3)
(A)
The Secretary of a military department or head of a Defense Agency may not develop or procure information technology (as defined in section 11101 of title 40) that does not fully comply with such standards as the Chief Information Officer may establish.
(B) The Chief Information Officer shall implement and enforce a process for—
(i)
developing, adopting, or publishing standards for information technology, networking, or cyber capabilities to which any military department or defense agency would need to adhere in order to run such capabilities on defense networks; and
(ii)
certifying on a regular and ongoing basis that any capabilities being developed or procured meets such standards as have been published by the Department at the time of certification.
(C)
The Chief Information Officer shall identify gaps in standards and mitigation plans for operating in the absence of acceptable standards.
(4)
The Chief Information Officer shall perform such additional duties and exercise such powers as the Secretary of Defense may prescribe.
(c)
The Chief Information Officer takes precedence in the Department of Defense with the officials serving in positions specified in section 131(b)(4) of this title. The officials serving in positions specified in section 131(b)(4) and the Chief Information Officer of the Department of Defense take precedence among themselves in the order prescribed by the Secretary of Defense.
(d)
The Chief Information Officer of the Department of Defense shall report directly to the Secretary of Defense in the performance of duties under this section.
Editorial Notes
Prior Provisions

A prior section 142 of this title was renumbered section 138d of this title and subsequently repealed.

Another prior section 142 of this title was contained in chapter 5 of this title, prior to amendment by Pub. L. 99–433. See note preceding section 151 of this title.

Amendments

2021—Subsec. (b)(1)(A). Pub. L. 117–81, § 1523(1), struck out “(other than with respect to business management)” after “sections 3506(a)(2)”.

Subsec. (b)(1)(B). Pub. L. 117–81, § 1523(1), struck out “(other than with respect to business management)” after “title 40”.

Subsec. (b)(1)(C). Pub. L. 117–81, § 1523(1), struck out “(other than with respect to business management)” after “sections 2223(a)”.

Subsec. (b)(1)(D). Pub. L. 117–81, § 1523(2), amended subpar. (D) generally. Prior to amendment, subpar. (D) read as follows: “exercises authority, direction, and control over the Information Assurance Directorate of the National Security Agency;”.

Subsecs. (c), (d). Pub. L. 116–283 redesignated subsec. (c) relating to the direct report of the Chief Information Officer to the Secretary of Defense as (d) and struck out former subsec. (d) which read as follows: “The Chief Information Officer of the Department of Defense takes precedence in the Department of Defense with the officials serving in positions specified in section 131(b)(4) of this title. The officials serving in positions specified in such section and the Chief Information Officer take precedence among themselves in the order prescribed by the Secretary of Defense.”

2019—Subsec. (b)(1)(A) to (C). Pub. L. 116–92, § 903(a)(1), struck out “systems and” after “business”.

Subsec. (b)(1)(G) to (I). Pub. L. 116–92, § 1662(b), redesignated subpars. (H) and (I) as (G) and (H), respectively, and struck out former subpar. (G) which read as follows: “has the responsibilities for policy, oversight, guidance, and coordination for nuclear command and control systems;”.

2018—Subsec. (b)(1)(A). Pub. L. 115–232, § 903(1), inserted “(other than with respect to business systems and management)” after “sections 3506(a)(2)”.

Subsec. (b)(1)(B). Pub. L. 115–232, § 903(2), substituted “sections 11315 and 11319 of title 40 (other than with respect to business systems and management)” for “section 11315 of title 40”.

Subsec. (b)(1)(C). Pub. L. 115–232, § 903(3), substituted “sections 2223(a) (other than with respect to business systems and management) and 2224” for “sections 2222, 2223(a), and 2224”.

2017—Subsec. (a). Pub. L. 115–91, § 909(a), inserted before period at end “, who shall be appointed by the President, by and with the advice and consent of the Senate, from among civilians who are qualified to serve as such officer”.

Subsec. (b)(1)(I). Pub. L. 115–91, § 909(b), substituted “the information technology, networking, information assurance, cybersecurity, and cyber capability architectures” for “the networking and cyber defense architecture”.

Subsec. (b)(2) to (4). Pub. L. 115–91, § 909(c), added pars. (2) and (3) and redesignated former par. (2) as (4).

Subsec. (c). Pub. L. 115–91, § 1081(b)(1)(A), repealed Pub. L. 113–291, § 901(j)(1)(B). See 2014 Amendment note below.

Pub. L. 115–91, § 909(d), added subsec. (c), relating to the direct report of the Chief Information Officer to the Secretary of Defense.

Subsec. (d). Pub. L. 115–91, § 909(d), added subsec. (d).

2016—Subsec. (b)(1)(E) to (I). Pub. L. 114–328 added subpars. (E) to (I).

2014—Subsec. (c). Pub. L. 113–291, § 901(j)(1)(B), which directed striking out subsec. (c), was repealed by Pub. L. 115–91, § 1081(b)(1)(A).

Statutory Notes and Related Subsidiaries
Effective Date of 2017 Amendment

Pub. L. 115–91, div. A, title IX, § 909(g), Dec. 12, 2017, 131 Stat. 1516, provided that:

“The amendments made by this section [amending this section] shall take effect on January 1, 2019.”

Pub. L. 115–91, div. A, title X, § 1081(b), Dec. 12, 2017, 131 Stat. 1597, provided that the amendment made by section 1081(b)(1)(A) is effective as of Dec. 23, 2016.

Effective Date of 2014 Amendment

Pub. L. 113–291, div. A, title IX, § 901(j)(1), Dec. 19, 2014, 128 Stat. 3467, which provided that the amendment made by section 901(j)(1)(B) is effective on the effective date specified in former section 901(a)(1) of Pub. L. 113–291, which was Feb. 1, 2017, was repealed by Pub. L. 115–91, div. A, title X, § 1081(b)(1)(A), Dec. 12, 2017, 131 Stat. 1597.

Cryptographic Modernization Schedules

Pub. L. 116–283, div. A, title I, § 153, Jan. 1, 2021, 134 Stat. 3442, provided that:

“(a) Cryptographic Modernization Schedules Required.—Each of the Secretaries of the military departments and the heads of relevant Defense Agencies and Department of Defense Field Activities shall establish and maintain a cryptographic modernization schedule that specifies, for each pertinent weapon system, command and control system, or data link under the jurisdiction of such Secretary or head, including those that use commercial encryption technologies (as relevant), the following:
“(1)
The last year of use for applicable cryptographic algorithms.
“(2)
Anticipated key extension requests for systems where cryptographic modernization is assessed to be overly burdensome and expensive or to provide limited operational utility.
“(3)
The funding and deployment schedule for modernized cryptographic algorithms, keys, and equipment over the future-years defense program submitted to Congress pursuant to section 221 of title 10, United States Code, in 2021 together with the budget of the President for fiscal year 2022.
“(b) Requirements for Chief Information Officer.—The Chief Information Officer of the Department of Defense shall—
“(1)
oversee the construction and implementation of the cryptographic modernization schedules required by subsection (a);
“(2)
establish and maintain an integrated cryptographic modernization schedule for the entire Department of Defense, collating the cryptographic modernization schedules required under subsection (a); and
“(3)
in coordination with the Director of the National Security Agency and the Joint Staff Director for Command, Control, Communications, and Computers/Cyber, use the budget certification, standard-setting, and policy-making authorities provided in section 142 of title 10, United States Code, to amend Armed Force and Defense Agency and Field Activity plans for key extension requests and cryptographic modernization funding and deployment that pose unacceptable risk to military operations.
“(c) Annual Notices.—Not later than January 1, 2022, and not less frequently than once each year thereafter until January 1, 2026, the Chief Information Officer and the Joint Staff Director shall jointly submit to the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives] notification of all—
“(1)
delays to or planned delays of Armed Force and Defense Agency and Field Activity funding and deployment of modernized cryptographic algorithms, keys, and equipment over the previous year; and
“(2) changes in plans or schedules surrounding key extension requests and waivers, including—
“(A)
unscheduled or unanticipated key extension requests; and
“(B)
unscheduled or unanticipated waivers and nonwaivers of scheduled or anticipated key extension requests.”
Service of Incumbent Without Further Appointment

Pub. L. 115–91, div. A, title IX, § 909(f), Dec. 12, 2017, 131 Stat. 1516, provided that:

“The individual serving in the position of Chief Information Officer of the Department of Defense as of January 1, 2019, may continue to serve in such position commencing as of that date without further appointment pursuant to section 142 of title 10, United States Code, as amended by this section.”