[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 7257 Introduced in House (IH)]
<DOC>
116th CONGRESS
2d Session
H. R. 7257
To direct the Secretary of Defense to carry out activities to develop,
secure, and effectively implement fifth generation information and
communications technology within the Department of Defense.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
June 18, 2020
Mr. Larsen of Washington (for himself and Mr. Gallagher) introduced the
following bill; which was referred to the Committee on Armed Services
_______________________________________________________________________
A BILL
To direct the Secretary of Defense to carry out activities to develop,
secure, and effectively implement fifth generation information and
communications technology within the Department of Defense.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. TELECOMMUNICATIONS SECURITY PROGRAM.
(a) Program Required.--The Secretary of Defense shall carry out a
program to identify and mitigate vulnerabilities in the
telecommunications infrastructure of the Department of Defense.
(b) Elements.--In carrying out the program under subsection (a),
the Secretary shall--
(1) develop a capability to communicate clearly and
authoritatively about threats by foreign actors;
(2) conduct independent red-team security analysis of
Department of Defense systems, subsystems, devices, and
components including no-knowledge testing and testing with
limited or full knowledge of expected functionalities;
(3) verify the integrity of personnel who are tasked with
design fabrication, integration, configuration, storage, test,
and documentation of noncommercial 5G technology to be used by
the Department of Defense;
(4) verify the efficacy of the physical security measures
used at Department of Defense locations where system design,
fabrication, integration, configuration, storage, test, and
documentation of 5G technology occurs;
(5) direct the Chief Information Officer of the Department
of Defense to use the Federal Risk and Authorization Management
Program (commonly known as ``FedRAMP'') moderate or high cloud
standard baselines, supplemented with the Department's FedRAMP
cloud standard controls and control enhancements, to assess 5G
core service providers whose services will be used by the
Department of Defense through the Department's provisional
authorization process; and
(6) direct the Defense Information Systems Agency and the
United States Cyber Command to Develop a capability for
continuous, independent monitoring of packet streams for 5G
data on frequencies assigned to the Department of Defense to
validate availability, confidentiality, and integrity of
Department of Defense communications systems.
(c) Implementation Plan.--Not later than 90 days after the date of
the enactment of this Act, the Secretary of Defense shall submit to
Congress a plan for the implementation of the program under subsection
(a).
(d) Report Required.--Not later than 180 days after submitting the
plan under subsection (c), the Secretary of Defense shall submit to
Congress a report that includes--
(1) a comprehensive assessment of the findings and
conclusions of the program under subsection (a);
(2) recommendations on how to mitigate vulnerabilities in
the Department of Defense telecommunications infrastructure;
and
(3) an explanation of how the Department of Defense plans
to implement such recommendations.
<all>