(a) There is a Chief Information Officer of the Department of Defense, who shall be appointed by the President, by and with the advice and consent of the Senate, from among civilians who are qualified to serve as such officer.
(b)
(1) The Chief Information Officer of the Department of Defense—
(A) is the Chief Information Officer of the Department of Defense for the purposes of sections 3506(a)(2) (other than with respect to business management) and 3544(a)(3) of title 44;
(B) has the responsibilities and duties specified in sections 11315 and 11319 of title 40 (other than with respect to business management);
(C) has the responsibilities specified for the Chief Information Officer in sections 2223(a) (other than with respect to business management) and 2224 of this title;
(D) exercises authority, direction, and control over the Information Assurance Directorate of the National Security Agency;
(E) exercises authority, direction, and control over the Defense Information Systems Agency, or any successor organization;
(F) has the responsibilities for policy, oversight, guidance, and coordination for all Department of Defense matters related to electromagnetic spectrum, including coordination with other Federal and industry agencies, coordination for classified programs, and in coordination with the Under Secretary for Personnel and Readiness, policies related to spectrum management workforce;
(G) has the responsibilities for policy, oversight, and guidance for matters related to precision navigation and timing; and
(H) has the responsibilities for policy, oversight, and guidance for the architecture and programs related to the information technology, networking, information assurance, cybersecurity, and cyber capability architectures of the Department.
(2)
(A) The Secretary of Defense, acting through the Under Secretary of Defense (Comptroller), shall require the Secretaries of the military departments and the heads of the Defense Agencies with responsibilities associated with any activity specified in paragraph (1) to transmit the proposed budget for such activities for a fiscal year and for the period covered by the future-years defense program submitted to Congress under section 221 of this title for that fiscal year to the Chief Information Officer for review under subparagraph (B) before submitting the proposed budget to the Under Secretary of Defense (Comptroller).
(B) The Chief Information Officer shall review each proposed budget transmitted under subparagraph (A) and, not later than January 31 of the year preceding the fiscal year for which the budget is proposed, shall submit to the Secretary of Defense a report containing the comments of the Chief Information Officer with respect to all such proposed budgets, together with the certification of the Chief Information Officer regarding whether each proposed budget is adequate.
(C) Not later than March 31 of each year, the Secretary of Defense shall submit to Congress a report specifying each proposed budget contained in the most-recent report submitted under subparagraph (B) that the Chief Information Officer did not certify to be adequate. The report of the Secretary shall include the following matters:
(i) A discussion of the actions that the Secretary proposes to take, together with any recommended legislation that the Secretary considers appropriate, to address the inadequacy of the proposed budgets specified in the report.
(ii) Any additional comments that the Secretary considers appropriate regarding the inadequacy of the proposed budgets.
(3)
(A) The Secretary of a military department or head of a Defense Agency may not develop or procure information technology (as defined in section 11101 of title 40) that does not fully comply with such standards as the Chief Information Officer may establish.
(B) The Chief Information Officer shall implement and enforce a process for—
(i) developing, adopting, or publishing standards for information technology, networking, or cyber capabilities to which any military department or defense agency would need to adhere in order to run such capabilities on defense networks; and
(ii) certifying on a regular and ongoing basis that any capabilities being developed or procured meets such standards as have been published by the Department at the time of certification.
(C) The Chief Information Officer shall identify gaps in standards and mitigation plans for operating in the absence of acceptable standards.
(4) The Chief Information Officer shall perform such additional duties and exercise such powers as the Secretary of Defense may prescribe.
(c) 1 The Chief Information Officer takes precedence in the Department of Defense with the officials serving in positions specified in section 131(b)(4) of this title. The officials serving in positions specified in section 131(b)(4) and the Chief Information Officer of the Department of Defense take precedence among themselves in the order prescribed by the Secretary of Defense.
(c) 1 The Chief Information Officer of the Department of Defense shall report directly to the Secretary of Defense in the performance of duties under this section.
(d) The Chief Information Officer of the Department of Defense takes precedence in the Department of Defense with the officials serving in positions specified in section 131(b)(4) of this title. The officials serving in positions specified in such section and the Chief Information Officer take precedence among themselves in the order prescribed by the Secretary of Defense.
Prior Provisions
A prior section 142 of this title was renumbered section 138d of this title and subsequently repealed.
Another prior section 142 of this title was contained in chapter 5 of this title, prior to amendment by Pub. L. 99–433. See note preceding section 151 of this title.
Amendments
2019—Subsec. (b)(1)(A) to (C). Pub. L. 116–92, §903(a)(1), struck out "systems and" after "business".
Subsec. (b)(1)(G) to (I). Pub. L. 116–92, §1662(b), redesignated subpars. (H) and (I) as (G) and (H), respectively, and struck out former subpar. (G) which read as follows: "has the responsibilities for policy, oversight, guidance, and coordination for nuclear command and control systems;".
2018—Subsec. (b)(1)(A). Pub. L. 115–232, §903(1), inserted "(other than with respect to business systems and management)" after "sections 3506(a)(2)".
Subsec. (b)(1)(B). Pub. L. 115–232, §903(2), substituted "sections 11315 and 11319 of title 40 (other than with respect to business systems and management)" for "section 11315 of title 40".
Subsec. (b)(1)(C). Pub. L. 115–232, §903(3), substituted "sections 2223(a) (other than with respect to business systems and management) and 2224" for "sections 2222, 2223(a), and 2224".
2017—Subsec. (a). Pub. L. 115–91, §909(a), inserted before period at end ", who shall be appointed by the President, by and with the advice and consent of the Senate, from among civilians who are qualified to serve as such officer".
Subsec. (b)(1)(I). Pub. L. 115–91, §909(b), substituted "the information technology, networking, information assurance, cybersecurity, and cyber capability architectures" for "the networking and cyber defense architecture".
Subsec. (b)(2) to (4). Pub. L. 115–91, §909(c), added pars. (2) and (3) and redesignated former par. (2) as (4).
Subsec. (c). Pub. L. 115–91, §1081(b)(1)(A), repealed Pub. L. 113–291, §901(j)(1)(B). See 2014 Amendment note below.
Pub. L. 115–91, §909(d), added subsec. (c), relating to the direct report of the Chief Information Officer to the Secretary of Defense.
Subsec. (d). Pub. L. 115–91, §909(d), added subsec. (d).
2016—Subsec. (b)(1)(E) to (I). Pub. L. 114–328 added subpars. (E) to (I).
2014—Subsec. (c). Pub. L. 113–291, §901(j)(1)(B), which directed striking out subsec. (c), was repealed by Pub. L. 115–91, §1081(b)(1)(A).
Effective Date of 2017 Amendment
Pub. L. 115–91, div. A, title IX, §909(g), Dec. 12, 2017, 131 Stat. 1516, provided that: "The amendments made by this section [amending this section] shall take effect on January 1, 2019."
Pub. L. 115–91, div. A, title X, §1081(b), Dec. 12, 2017, 131 Stat. 1597, provided that the amendment made by section 1081(b)(1)(A) is effective as of Dec. 23, 2016.
Effective Date of 2014 Amendment
Pub. L. 113–291, div. A, title IX, §901(j)(1), Dec. 19, 2014, 128 Stat. 3467, which provided that the amendment made by section 901(j)(1)(B) is effective on the effective date specified in former section 901(a)(1) of Pub. L. 113–291, which was Feb. 1, 2017, was repealed by Pub. L. 115–91, div. A, title X, §1081(b)(1)(A), Dec. 12, 2017, 131 Stat. 1597.
Service of Incumbent Without Further Appointment
Pub. L. 115–91, div. A, title IX, §909(f), Dec. 12, 2017, 131 Stat. 1516, provided that: "The individual serving in the position of Chief Information Officer of the Department of Defense as of January 1, 2019, may continue to serve in such position commencing as of that date without further appointment pursuant to section 142 of title 10, United States Code, as amended by this section."
1 So in original. Two subsecs. (c) have been enacted.