116 STAT. 2518 PUBLIC LAW 107-314—DEC. 2, 2002 10 USC 2302 SEC. 352. POLICY REGARDING ACQUISITION OF INFORMATION ASSUR- °ote. ANCE AND INFORMATION ASSURANCE-ENABLED INFORMATION TECHNOLOGY PRODUCTS. (a) ESTABLISHMENT OF POLICY. —The Secretary of Defense shall establish a policy to limit the acquisition of information assurance and information assurance-enabled information technology products to those products that have been evaluated and validated in accordance with appropriate criteria, schemes, or programs. (b) WAIVER.— As part of the policy, the Secretary of Defense shall authorize specified officials of the Department of Defense to waive the limitations of the policy upon a determination in writing that application of the limitations to the acquisition of a particular information assurance or information assuranceenabled information technology product would not be in the national security interest of the United States. (c) IMPLEMENTATION. —The Secretary of Defense shall ensure that the policy is uniformly implemented throughout the Department of Defense. SEC. 353. INSTALLATION AND CONNECTION POLICY AND PROCEDURES REGARDING DEFENSE SWITCH NETWORK Deadline. (a) ESTABLISHMENT OF POLICY AND PROCEDURES. — Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall establish clear and uniform policy and procedures, applicable to the military departments and Defense Agencies, regarding the installation and connection of telecom switches to the Defense Switch Network. (b) ELEMENTS OF POLICY AND PROCEDURES. —The policy and procedures shall address at a minimum the following: (1) Clear interoperability and compatibility requirements for procuring, certifying, installing, and connecting telecom switches to the Defense Switch Network. (2) Current, complete, and enforceable testing, validation, and certification procedures needed to ensure the interoperability and compatibility requirements are satisfied. (c) EXCEPTIONS. —(1) The Secretary of Defense may specify certain circumstances in which— (A) the requirements for testing, validation, and certification of telecom switches may be waived; or (B) interim authority for the installation and connection of telecom switches to the Defense Switch Network may be granted. (2) Only the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence may approve a waiver or grant of interim authority under paragraph (1). The authority to approve such a waiver or grant of interim authority may not be delegated. (3) The Assistant Secretary of Defense for Command, Control, Communications, and Intelligence shall consult with the Chairman of the Joint Chiefs of Staff before approving a waiver or grant of interim authority under paragraph (1). (d) INVENTORY OF DEFENSE SWITCH NETWORK.— The Secretary of Defense shall prepare and maintain an inventory of all telecom switches that, as of the date on which the Secretary issues the policy and procedures— (1) are installed or connected to the Defense Switch Network; but
�
