(a) Establishment.—
There shall be in the Department of Defense a Communications Security Review and Advisory Board (in this section referred to as the “Board”) to review and assess the communications security, cryptographic modernization, and related key management activities of the Department and provide advice to the Secretary with respect to such activities.
(b) Members.—
(c) Responsibilities.—The Board shall—
(1) monitor the overall communications security, cryptographic modernization, and key management efforts of the Department, including activities under major defense acquisition programs (as defined in section 4201 of this title), by—
(A)
requiring each Chief Information Officer of each military department to report the communications security activities of the military department to the Board;
(2)
validate the need to replace cryptographic equipment based on the expiration dates of the equipment and evaluate the risks of continuing to use cryptographic equipment after such expiration dates;
(3)
convene in-depth program reviews for specific cryptographic modernization developments with respect to validating requirements and identifying programmatic risks;
(d) Exclusion of Certain Programs.—
The Board shall not include the consideration of programs funded under the National Intelligence Program (as defined in section 3(6) of the National Security Act of 1947 (50 U.S.C. 3003(6))) in carrying out this section.
(Added Pub. L. 113–66, div. A, title II, § 261(a), Dec. 26, 2013, 127 Stat. 724; amended Pub. L. 113–291, div. A, title X, § 1071(f)(4), Dec. 19, 2014, 128 Stat. 3510; Pub. L. 116–283, div. A, title XVIII, § 1846(i)(2), Jan. 1, 2021, 134 Stat. 4252.)