§189 — Title 10 Armed Forces | U.S. Code

Summary

The Department of Defense must set up a Communications Security Review and Advisory Board to watch over the military’s communications security, cryptography updates, and key management, and to give advice to the Secretary. The Secretary decides how many members the Board has. The Department’s Chief Information Officer leads the Board. Members are senior officers in the grades of general or admiral and civilian Senior Executive Service employees. The Board must monitor and track department-wide efforts (including major acquisition programs), require each military department’s CIO to report its activities, check and approve lifecycle plans for major programs, decide when cryptographic gear needs replacement and the risks of using expired gear, run deep reviews to spot requirements and program risks, create a long-term roadmap tied to major plans, and advise the Secretary on cryptography and budgets. The Board will not review programs funded by the National Intelligence Program.

Title 10, §189

Armed Forces — Source: USLM XML via OLRC

(a)There shall be in the Department of Defense a Communications Security Review and Advisory Board (in this section referred to as the “Board”) to review and assess the communications security, cryptographic modernization, and related key management activities of the Department and provide advice to the Secretary with respect to such activities.

(b)(1)The Secretary shall determine the number of members of the Board.

(2)The Chief Information Officer of the Department of Defense shall serve as chairman of the Board.

(3)The Secretary shall appoint officers in the grade of general or admiral and civilian employees of the Department of Defense in the Senior Executive Service to serve as members of the Board.

(c)The Board shall—

(1)monitor the overall communications security, cryptographic modernization, and key management efforts of the Department, including activities under major defense acquisition programs (as defined in section 4201 of this title), by—

(A)requiring each Chief Information Officer of each military department to report the communications security activities of the military department to the Board;

(B)tracking compliance of each military department with respect to communications security modernization efforts;

(C)validating lifecycle communications security modernization plans for major defense acquisition programs;

(2)validate the need to replace cryptographic equipment based on the expiration dates of the equipment and evaluate the risks of continuing to use cryptographic equipment after such expiration dates;

(3)convene in-depth program reviews for specific cryptographic modernization developments with respect to validating requirements and identifying programmatic risks;

(4)develop a long-term roadmap for communications security to identify potential issues and ensure synchronization with major planning documents; and

(5)advise the Secretary on the cryptographic posture of the Department, including budgetary recommendations.

(d)The Board shall not include the consideration of programs funded under the National Intelligence Program (as defined in section 3(6) of the National Security Act of 1947 (50 U.S.C. 3003(6))) in carrying out this section.

Notes & Related Subsidiaries

Editorial Notes

Amendments

2021—Subsec. (c)(1). Pub. L. 116–283 substituted “section 4201” for “section 2430(a)”. 2014—Subsec. (c)(1). Pub. L. 113–291 substituted “2430(a)” for “139c” in introductory provisions.

Statutory Notes and Related Subsidiaries

Effective Date

of 2021 AmendmentAmendment by Pub. L. 116–283 effective Jan. 1, 2022, with additional provisions for delayed implementation and applicability of existing law, see section 1801(d) of Pub. L. 116–283, set out as a note preceding section 3001 of this title.

§189 Communications Security Review and Advisory Board