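[Congressional Record Volume 157, Number 190 (Monday, December 12, 2011)] [House] [page H8356-H8726]

Mr. McKEON submitted the following conference report and statement on the bill (H.R. 1540) to authorize appropriations for fiscal year 2012 for military activities of the Department of Defense, for military construction, and for defense activities of the Department of Energy, to prescribe military personnel strengths for such fiscal year, and for other purposes: Conference Report (H. Rept. 112-329) […]

SEC. 922. INSIDER THREAT DETECTION.

(a) Program Required.--The Secretary of Defense shall establish a program for information sharing protection and insider threat mitigation for the information systems of the Department of Defense to detect unauthorized access to, use of, or transmission of classified or controlled unclassified information.

(b) Elements.--The program established under subsection (a) shall include the following:
(1) Technology solutions for deployment within the Department of Defense that allow for centralized monitoring and detection of unauthorized activities, including--
(A) monitoring the use of external ports and read and write capability controls;
(B) disabling the removable media ports of computers physically or electronically;
(C) electronic auditing and reporting of unusual and unauthorized user activities;
(D) using data-loss prevention and data-rights management technology to prevent the unauthorized export of information from a network or to render such information unusable in the event of the unauthorized export of such information;
(E) a roles-based access certification system;
(F) cross-domain guards for transfers of information between different networks; and
(G) patch management for software and security updates.
(2) Policies and procedures to support such program, including special consideration for policies and procedures related to international and interagency partners and activities in support of ongoing operations in areas of hostilities.
(3) A governance structure and process that integrates information security and sharing technologies with the policies and procedures referred to in paragraph (2). Such structure and process shall include--
(A) coordination with the existing security clearance and suitability review process;
(B) coordination of existing anomaly detection techniques, including those used in counterintelligence investigation or personnel screening activities; and
(C) updating and expediting of the classification review and marking process.
(4) A continuing analysis of--
(A) gaps in security measures under the program; and
(B) technology, policies, and processes needed to increase the capability of the program beyond the initially established full operating capability to address such gaps.
(5) A baseline analysis framework that includes measures of performance and effectiveness.
(6) A plan for how to ensure related security measures are put in place for other departments or agencies with access to Department of Defense networks.
(7) A plan for enforcement to ensure that the program is being applied and implemented on a uniform and consistent basis.

(c) Operating Capability.--The Secretary shall ensure the program established under subsection (a)--
(1) achieves initial operating capability not later than October 1, 2012; and
(2) achieves full operating capability not later than October 1, 2013.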

(d) Report.--Not later than 90 days after the date of the enactment of this Act, the Secretary shall submit to the congressional defense committees a report that includes--
(1) the implementation plan for the program established under subsection (a);
(2) the resources required to implement the program;
(3) specific efforts to ensure that implementation does not negatively impact activities in support of ongoing operations in areas of hostilities;
(4) a definition of the capabilities that will be achieved at initial operating capability and full operating capability, respectively; and
(5) a description of any other issues related to such implementation that the Secretary considers appropriate.

(e) Briefing Requirement.--The Secretary shall provide briefings to the Committees on Armed Services of the House of Representatives and the Senate as follows:
(1) Not later than 90 days after the date of the enactment of this Act, a briefing describing the governance structure referred to in subsection (b)(3).
(2) Not later than 120 days after the date of the enactment of this Act, a briefing detailing the inventory and status of technology solutions deployment referred to in subsection (b)(1), including an identification of the total number of host platforms planned for such deployment, the current number of host platforms that provide appropriate security, and the funding and timeline for remaining deployment.
(3) Not later than 180 days after the date of the enactment of this Act, a briefing detailing the policies and procedures referred to in subsection (b)(2), including an assessment of the effectiveness of such policies and procedures and an assessment of the potential impact of such policies and procedures on information sharing within the Department of Defense and with interagency and international partners.
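
(f) Budget Submission.--On the date on which the President submits to Congress the budget under section 1105 of title 31, United States Code, for each of fiscal years 2014 through 2019, the Secretary of Defense shall submit to the congressional defense committees an identification of the resources requested in such budget to carry out the program established under subsection (a).

[...]

Insider threat detection (sec. 922)

The House bill contained a provision (sec. 922) that would require the Secretary of Defense to establish an information sharing protection and insider threat mitigation program and provide periodic briefings to the congressional defense committees on the Secretary's strategy, implementation of the strategy, and associated resources. Additionally, the annual budget submission must include an identification of resources required for the program.

The Senate amendment contained a similar provision (sec. 932).

The Senate recedes with an amendment that would include several of the procedural and technical options to counter the insider threat contained in the Senate provision.

The conferees agree with the caution contained in the Senate provision that the Department should fully integrate its plans for combating insider threats with its overall cybersecurity strategy and plans due to the high degree of overlap between these two challenges.

[...]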