[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 7257 Introduced in House (IH)]

<DOC>






116th CONGRESS
  2d Session
                                H. R. 7257

To direct the Secretary of Defense to carry out activities to develop, 
  secure, and effectively implement fifth generation information and 
      communications technology within the Department of Defense.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             June 18, 2020

Mr. Larsen of Washington (for himself and Mr. Gallagher) introduced the 
 following bill; which was referred to the Committee on Armed Services

_______________________________________________________________________

                                 A BILL


 
To direct the Secretary of Defense to carry out activities to develop, 
  secure, and effectively implement fifth generation information and 
      communications technology within the Department of Defense.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. TELECOMMUNICATIONS SECURITY PROGRAM.

    (a) Program Required.--The Secretary of Defense shall carry out a 
program to identify and mitigate vulnerabilities in the 
telecommunications infrastructure of the Department of Defense.
    (b) Elements.--In carrying out the program under subsection (a), 
the Secretary shall--
            (1) develop a capability to communicate clearly and 
        authoritatively about threats by foreign actors;
            (2) conduct independent red-team security analysis of 
        Department of Defense systems, subsystems, devices, and 
        components including no-knowledge testing and testing with 
        limited or full knowledge of expected functionalities;
            (3) verify the integrity of personnel who are tasked with 
        design fabrication, integration, configuration, storage, test, 
        and documentation of noncommercial 5G technology to be used by 
        the Department of Defense;
            (4) verify the efficacy of the physical security measures 
        used at Department of Defense locations where system design, 
        fabrication, integration, configuration, storage, test, and 
        documentation of 5G technology occurs;
            (5) direct the Chief Information Officer of the Department 
        of Defense to use the Federal Risk and Authorization Management 
        Program (commonly known as ``FedRAMP'') moderate or high cloud 
        standard baselines, supplemented with the Department's FedRAMP 
        cloud standard controls and control enhancements, to assess 5G 
        core service providers whose services will be used by the 
        Department of Defense through the Department's provisional 
        authorization process; and
            (6) direct the Defense Information Systems Agency and the 
        United States Cyber Command to Develop a capability for 
        continuous, independent monitoring of packet streams for 5G 
        data on frequencies assigned to the Department of Defense to 
        validate availability, confidentiality, and integrity of 
        Department of Defense communications systems.
    (c) Implementation Plan.--Not later than 90 days after the date of 
the enactment of this Act, the Secretary of Defense shall submit to 
Congress a plan for the implementation of the program under subsection 
(a).
    (d) Report Required.--Not later than 180 days after submitting the 
plan under subsection (c), the Secretary of Defense shall submit to 
Congress a report that includes--
            (1) a comprehensive assessment of the findings and 
        conclusions of the program under subsection (a);
            (2) recommendations on how to mitigate vulnerabilities in 
        the Department of Defense telecommunications infrastructure; 
        and
            (3) an explanation of how the Department of Defense plans 
        to implement such recommendations.
                                 <all>