Home Cyber Congress NDAA Passes House and Emerges from Conference with Senate, without Mandatory Cyber...

NDAA Passes House and Emerges from Conference with Senate, without Mandatory Cyber Reporting

December 9, 2021

In a hurry to finish before this session of Congress ends, the fiscal 2022 National Defense Authorization Act was passed by the House 363–70 on Tuesday, then went directly to conference with the Senate, which had not yet passed its own version. The bill that emerged includes $778 billion for national security spending, and combines the text passed by the Senate Armed Services Committee in July and the House bill passed in September.

The final version has dropped provisions found in the House version that would have required many companies to report cyberattacks and ransomware payments to federal officials. Supporters said that time ran out to resolve differences, and blamed Senate Republicans such as Minority Leader Mitch McConnell (R-KY) and Rick Scott (R-FL) for the exclusion. A Senate aide said that progress had been made, however, and the measure might still be enacted separately. The bill also left out House-passed provisions that would have set a five-year term for the CISA director, and called for DHS to develop a “cyber threat information collaboration environment.”

Provisions included in the final bill would:

Require DoD’s Comptroller, CIO, and Chief Data Officer to devise a plan to consolidate IT systems.
Expand the National Guard’s role as cybersecurity support.
Require a report on “duplicative information technology contracts.”
Make the undersecretary of defense for research and engineering the chief technical advisor to the Joint Requirements Oversight Council.
Require the deputy principal cyber advisor position to come from the Office of the Undersecretary of Defense for Policy.
Create a microelectronics research network.
Create a pilot program to develop “unique acquisition mechanisms for emerging technologies.”
Authorize CISA to establish a National Cyber Exercise Program to simulate shutdown of the government or a critical infrastructure network.
Mandate an assessment of the impact of the CMMC on small businesses.
Require DOD to develop joint zero trust and data management strategies.

Sources:

Federal Computer Week: House passes NDAA compromise bill
CyberScoop: Cyber Incident Reporting Mandates Suffer Another Congressional Setback
Federal News Network: CISA Cyber Incident Reporting Requirements Trip on Defense Bill Finish Line

RELATED ARTICLESMORE FROM AUTHOR

Senate Bill Would Require Several Important Updates to the Way the US Federal Government Acquires Technology

Federal Acquisition Regulation – Sustainable Procurement

Biden Administration’s Cybersecurity Goals Almost Reached

RELATED ARTICLES MORE FROM AUTHOR