View all text of Chapter 4 [§ 131 - § 149]
§ 142. Chief Information Officer
(a) There is a Chief Information Officer of the Department of Defense, who shall be appointed by the President, by and with the advice and consent of the Senate, from among civilians who are qualified to serve as such officer.
(b)
(1) The Chief Information Officer of the Department of Defense—
(A) is the Chief Information Officer of the Department of Defense for the purposes of sections 3506(a)(2) and 3544(a)(3) of title 44;
(B) has the responsibilities and duties specified in sections 11315 and 11319 of title 40;
(C) has the responsibilities specified for the Chief Information Officer in sections 2223(a) and 2224 of this title;
(D) exercises authority, direction, and control over the Activities of the Cybersecurity Directorate, or any successor organization, of the National Security Agency, funded through the Information Systems Security Program;
(E) exercises authority, direction, and control over the Defense Information Systems Agency, or any successor organization;
(F) has the responsibilities for policy, oversight, guidance, and coordination for all Department of Defense matters related to electromagnetic spectrum, including coordination with other Federal and industry agencies, coordination for classified programs, and in coordination with the Under Secretary for Personnel and Readiness, policies related to spectrum management workforce;
(G) has the responsibilities for policy, oversight, and guidance for matters related to precision navigation and timing; and
(H) has the responsibilities for policy, oversight, and guidance for the architecture and programs related to the information technology, networking, information assurance, cybersecurity, and cyber capability architectures of the Department.
(2)
(A) The Secretary of Defense, acting through the Under Secretary of Defense (Comptroller), shall require the Secretaries of the military departments and the heads of the Defense Agencies with responsibilities associated with any activity specified in paragraph (1) to transmit the proposed budget for such activities for a fiscal year and for the period covered by the future-years defense program submitted to Congress under section 221 of this title for that fiscal year to the Chief Information Officer for review under subparagraph (B) before submitting the proposed budget to the Under Secretary of Defense (Comptroller).
(B) The Chief Information Officer shall review each proposed budget transmitted under subparagraph (A) and, not later than January 31 of the year preceding the fiscal year for which the budget is proposed, shall submit to the Secretary of Defense a report containing the comments of the Chief Information Officer with respect to all such proposed budgets, together with the certification of the Chief Information Officer regarding whether each proposed budget is adequate.
(C) Not later than March 31 of each year, the Secretary of Defense shall submit to Congress a report specifying each proposed budget contained in the most-recent report submitted under subparagraph (B) that the Chief Information Officer did not certify to be adequate. The report of the Secretary shall include the following matters:
(i) A discussion of the actions that the Secretary proposes to take, together with any recommended legislation that the Secretary considers appropriate, to address the inadequacy of the proposed budgets specified in the report.
(ii) Any additional comments that the Secretary considers appropriate regarding the inadequacy of the proposed budgets.
(3)
(A) The Secretary of a military department or head of a Defense Agency may not develop or procure information technology (as defined in section 11101 of title 40) that does not fully comply with such standards as the Chief Information Officer may establish.
(B) The Chief Information Officer shall implement and enforce a process for—
(i) developing, adopting, or publishing standards for information technology, networking, or cyber capabilities to which any military department or defense agency would need to adhere in order to run such capabilities on defense networks; and
(ii) certifying on a regular and ongoing basis that any capabilities being developed or procured meets such standards as have been published by the Department at the time of certification.
(C) The Chief Information Officer shall identify gaps in standards and mitigation plans for operating in the absence of acceptable standards.
(4) The Chief Information Officer shall perform such additional duties and exercise such powers as the Secretary of Defense may prescribe.
(c) The Chief Information Officer takes precedence in the Department of Defense with the officials serving in positions specified in section 131(b)(4) of this title. The officials serving in positions specified in section 131(b)(4) and the Chief Information Officer of the Department of Defense take precedence among themselves in the order prescribed by the Secretary of Defense.
(d) The Chief Information Officer of the Department of Defense shall report directly to the Secretary of Defense in the performance of duties under this section.
(Added and amended Pub. L. 113–291, div. A, title IX, § 901(b)(1), (j)(1)(B), Dec. 19, 2014, 128 Stat. 3463, 3467; Pub. L. 114–328, div. A, title IX, § 902(a), Dec. 23, 2016, 130 Stat. 2343; Pub. L. 115–91, div. A, title IX, § 909(a)–(d), title X, § 1081(b)(1)(A), Dec. 12, 2017, 131 Stat. 1514, 1515, 1597; Pub. L. 115–232, div. A, title IX, § 903, Aug. 13, 2018, 132 Stat. 1922; Pub. L. 116–92, div. A, title IX, § 903(a)(1), title XVI, § 1662(b), Dec. 20, 2019, 133 Stat. 1555, 1772; Pub. L. 116–283, div. A, title X, § 1081(a)(9), Jan. 1, 2021, 134 Stat. 3871; Pub. L. 117–81, div. A, title XV, § 1523, Dec. 27, 2021, 135 Stat. 2042.)