(Added Pub. L. 105–261, div. A, title III, § 331(a)(1),Oct. 17, 1998, 112 Stat. 1967; amended Pub. L. 106–398, § 1 [[div. A], title VIII, § 811(a)], Oct. 30, 2000, 114 Stat. 1654, 1654A–210; Pub. L. 107–217, § 3(b)(1),Aug. 21, 2002, 116 Stat. 1295; Pub. L. 109–364, div. A, title IX, § 906(b),Oct. 17, 2006, 120 Stat. 2354.)
2006—Subsec. (c)(3). Pub. L. 109–364
” for “section
2002—Subsecs. (a), (b). Pub. L. 107–217
, § 3(b)(1)(A), (B), substituted “section
” for “section 5125 of the Clinger-Cohen Act of 1996 (40
U.S.C. 1425)” in introductory provisions.
Subsec. (c)(2). Pub. L. 107–217
, § 3(b)(1)(C), substituted “section
” for “section 5002 of the Clinger-Cohen Act of 1996 (40
Subsec. (c)(3). Pub. L. 107–217
, § 3(b)(1)(D), substituted “section
” for “section 5142 of the Clinger-Cohen Act of 1996 (40
2000—Subsec. (a)(5). Pub. L. 106–398
added par. (5).
Pub. L. 105–261
, div. A, title III, § 331(b),Oct. 17, 1998, 112 Stat. 1968
, provided that: “Section
, United States Code, as added by subsection (a), shall take effect on October 1, 1998.”
Ozone Widget Framework
Pub. L. 112–81
, div. A, title IX, § 924,Dec. 31, 2011, 125 Stat. 1539
, provided that:
“(a) Mechanism for Internet Publication of Information for Development of Analysis Tools and Applications.—The Chief Information Officer of the Department of Defense, acting through the Director of the Defense Information Systems Agency, shall implement a mechanism to publish and maintain on the public Internet the application programming interface specifications, a developer’s toolkit, source code, and such other information on, and resources for, the Ozone Widget Framework (OWF) as the Chief Information Officer considers necessary to permit individuals and companies to develop, integrate, and test analysis tools and applications for use by the Department of Defense and the elements of the intelligence community.
“(b) Process for Voluntary Contribution of Improvements by Private Sector.—In addition to the requirement under subsection (a), the Chief Information Officer shall also establish a process by which private individuals and companies may voluntarily contribute the following:
“(1) Improvements to the source code and documentation for the Ozone Widget Framework.
“(2) Alternative or compatible implementations of the published application programming interface specifications for the Framework.
“(c) Encouragement of Use and Development.—The Chief Information Officer shall, whenever practicable, encourage and foster the use, support, development, and enhancement of the Ozone Widget Framework by the computer industry and commercial information technology vendors, including the development of tools that are compatible with the Framework.”
Continuous Monitoring of Department of Defense Information Systems for Cybersecurity
Pub. L. 111–383
, div. A, title IX, § 931,Jan. 7, 2011, 124 Stat. 4334
, provided that:
“(a) In General.—The Secretary of Defense shall direct the Chief Information Officer of the Department of Defense to work, in coordination with the Chief Information Officers of the military departments and the Defense Agencies and with senior cybersecurity and information assurance officials within the Department of Defense and otherwise within the Federal Government, to achieve, to the extent practicable, the following:
“(1) The continuous prioritization of the policies, principles, standards, and guidelines developed under section 20 of the National Institute of Standards and Technology Act (15
) with agencies and offices operating or exercising control of national security systems (including the National Security Agency) based upon the evolving threat of information security incidents with respect to national security systems, the vulnerability of such systems to such incidents, and the consequences of information security incidents involving such systems.
“(2) The automation of continuous monitoring of the effectiveness of the information security policies, procedures, and practices within the information infrastructure of the Department of Defense, and the compliance of that infrastructure with such policies, procedures, and practices, including automation of—
“(A) management, operational, and technical controls of every information system identified in the inventory required under section
, United States Code; and
“(B) management, operational, and technical controls relied on for evaluations under section
, United States Code.
“(b) Definitions.—In this section:
“(1) The term ‘information security incident’ means an occurrence that—
“(A) actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information such system processes, stores, or transmits; or
“(B) constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies with respect to an information system.
“(2) The term ‘information infrastructure’ means the underlying framework, equipment, and software that an information system and related assets rely on to process, transmit, receive, or store information electronically.
“(3) The term ‘national security system’ has the meaning given that term in section
, United States Code.”