Editorial Notes
Prior Provisions

A prior section 142 of this title was renumbered section 138d of this title and subsequently repealed.

Another prior section 142 of this title was contained in chapter 5 of this title, prior to amendment by Pub. L. 99–433. See note preceding section 151 of this title.

Amendments

2021—Subsec. (b)(1)(A). Pub. L. 117–81, § 1523(1), struck out “(other than with respect to business management)” after “sections 3506(a)(2)”.

Subsec. (b)(1)(B). Pub. L. 117–81, § 1523(1), struck out “(other than with respect to business management)” after “title 40”.

Subsec. (b)(1)(C). Pub. L. 117–81, § 1523(1), struck out “(other than with respect to business management)” after “sections 2223(a)”.

Subsec. (b)(1)(D). Pub. L. 117–81, § 1523(2), amended subpar. (D) generally. Prior to amendment, subpar. (D) read as follows: “exercises authority, direction, and control over the Information Assurance Directorate of the National Security Agency;”.

Subsecs. (c), (d). Pub. L. 116–283 redesignated subsec. (c) relating to the direct report of the Chief Information Officer to the Secretary of Defense as (d) and struck out former subsec. (d) which read as follows: “The Chief Information Officer of the Department of Defense takes precedence in the Department of Defense with the officials serving in positions specified in section 131(b)(4) of this title. The officials serving in positions specified in such section and the Chief Information Officer take precedence among themselves in the order prescribed by the Secretary of Defense.”

2019—Subsec. (b)(1)(A) to (C). Pub. L. 116–92, § 903(a)(1), struck out “systems and” after “business”.

Subsec. (b)(1)(G) to (I). Pub. L. 116–92, § 1662(b), redesignated subpars. (H) and (I) as (G) and (H), respectively, and struck out former subpar. (G) which read as follows: “has the responsibilities for policy, oversight, guidance, and coordination for nuclear command and control systems;”.

2018—Subsec. (b)(1)(A). Pub. L. 115–232, § 903(1), inserted “(other than with respect to business systems and management)” after “sections 3506(a)(2)”.

Subsec. (b)(1)(B). Pub. L. 115–232, § 903(2), substituted “sections 11315 and 11319 of title 40 (other than with respect to business systems and management)” for “section 11315 of title 40”.

Subsec. (b)(1)(C). Pub. L. 115–232, § 903(3), substituted “sections 2223(a) (other than with respect to business systems and management) and 2224” for “sections 2222, 2223(a), and 2224”.

2017—Subsec. (a). Pub. L. 115–91, § 909(a), inserted before period at end “, who shall be appointed by the President, by and with the advice and consent of the Senate, from among civilians who are qualified to serve as such officer”.

Subsec. (b)(1)(I). Pub. L. 115–91, § 909(b), substituted “the information technology, networking, information assurance, cybersecurity, and cyber capability architectures” for “the networking and cyber defense architecture”.

Subsec. (b)(2) to (4). Pub. L. 115–91, § 909(c), added pars. (2) and (3) and redesignated former par. (2) as (4).

Subsec. (c). Pub. L. 115–91, § 1081(b)(1)(A), repealed Pub. L. 113–291, § 901(j)(1)(B). See 2014 Amendment note below.

Pub. L. 115–91, § 909(d), added subsec. (c), relating to the direct report of the Chief Information Officer to the Secretary of Defense.

Subsec. (d). Pub. L. 115–91, § 909(d), added subsec. (d).

2016—Subsec. (b)(1)(E) to (I). Pub. L. 114–328 added subpars. (E) to (I).

2014—Subsec. (c). Pub. L. 113–291, § 901(j)(1)(B), which directed striking out subsec. (c), was repealed by Pub. L. 115–91, § 1081(b)(1)(A).

Statutory Notes and Related Subsidiaries
Effective Date of 2017 Amendment

Pub. L. 115–91, div. A, title IX, § 909(g), Dec. 12, 2017, 131 Stat. 1516, provided that: “The amendments made by this section [amending this section] shall take effect on January 1, 2019.”

Pub. L. 115–91, div. A, title X, § 1081(b), Dec. 12, 2017, 131 Stat. 1597, provided that the amendment made by section 1081(b)(1)(A) is effective as of Dec. 23, 2016.

Effective Date of 2014 Amendment

Pub. L. 113–291, div. A, title IX, § 901(j)(1), Dec. 19, 2014, 128 Stat. 3467, which provided that the amendment made by section 901(j)(1)(B) is effective on the effective date specified in former section 901(a)(1) of Pub. L. 113–291, which was Feb. 1, 2017, was repealed by Pub. L. 115–91, div. A, title X, § 1081(b)(1)(A), Dec. 12, 2017, 131 Stat. 1597.

Cryptographic Modernization Schedules

Pub. L. 116–283, div. A, title I, § 153, Jan. 1, 2021, 134 Stat. 3442, provided that:

“(a)
Cryptographic Modernization Schedules Required.—
Each of the Secretaries of the military departments and the heads of relevant Defense Agencies and Department of Defense Field Activities shall establish and maintain a cryptographic modernization schedule that specifies, for each pertinent weapon system, command and control system, or data link under the jurisdiction of such Secretary or head, including those that use commercial encryption technologies (as relevant), the following:
“(1)
The last year of use for applicable cryptographic algorithms.
“(2)
Anticipated key extension requests for systems where cryptographic modernization is assessed to be overly burdensome and expensive or to provide limited operational utility.
“(3)
The funding and deployment schedule for modernized cryptographic algorithms, keys, and equipment over the future-years defense program submitted to Congress pursuant to section 221 of title 10, United States Code, in 2021 together with the budget of the President for fiscal year 2022.
“(b)
Requirements for Chief Information Officer.—
The Chief Information Officer of the Department of Defense shall—
“(1)
oversee the construction and implementation of the cryptographic modernization schedules required by subsection (a);
“(2)
establish and maintain an integrated cryptographic modernization schedule for the entire Department of Defense, collating the cryptographic modernization schedules required under subsection (a); and
“(3)
in coordination with the Director of the National Security Agency and the Joint Staff Director for Command, Control, Communications, and Computers/Cyber, use the budget certification, standard-setting, and policy-making authorities provided in section 142 of title 10, United States Code, to amend Armed Force and Defense Agency and Field Activity plans for key extension requests and cryptographic modernization funding and deployment that pose unacceptable risk to military operations.
“(c)
Annual Notices.—
Not later than January 1, 2022, and not less frequently than once each year thereafter until January 1, 2026, the Chief Information Officer and the Joint Staff Director shall jointly submit to the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives] notification of all—
“(1)
delays to or planned delays of Armed Force and Defense Agency and Field Activity funding and deployment of modernized cryptographic algorithms, keys, and equipment over the previous year; and
“(2)
changes in plans or schedules surrounding key extension requests and waivers, including—
“(A)
unscheduled or unanticipated key extension requests; and
“(B)
unscheduled or unanticipated waivers and nonwaivers of scheduled or anticipated key extension requests.”

Service of Incumbent Without Further Appointment

Pub. L. 115–91, div. A, title IX, § 909(f), Dec. 12, 2017, 131 Stat. 1516, provided that: “The individual serving in the position of Chief Information Officer of the Department of Defense as of January 1, 2019, may continue to serve in such position commencing as of that date without further appointment pursuant to section 142 of title 10, United States Code, as amended by this section.”