VitalLaw reports:
The Department of Defense would have to add new cybersecurity requirements to its contracts for telecom services when those services are used for “sensitive national security functions” under legislation released yesterday by the House Armed Services Committee.
The committee released a compromise version of the National Defense Authorization Act (NDAA) for Fiscal Year 2026 (S.B. 1071, 119th Cong. (2025)). The compromise bill, negotiated over several weeks by a House-Senate conference committee, reconciles differences between the House and Senate versions of the NDAA.
“Beginning not later than 90 days after the date of enactment of this Act, the Secretary of Defense shall ensure that each wireless mobile phone the Department of Defense provides to a senior official of the Department or any other employee of the Department who performs sensitive national security functions, as determined by the Secretary, and all related telecommunications services are acquired under contracts or other agreements that require … enhanced cybersecurity protections,” the bill says.
The enhanced protections would have to include (1) “encryption of data on the wireless mobile phones and of all telecommunications to and from the wireless mobile phones,” (2) the ability to “obfuscate persistent device identifiers … to reduce the risk of inappropriate tracking of the activity or location of the wireless mobile phones,” and (3) “the capability to continuously monitor the wireless mobile phones.”
Read about other provisions at VitalLaw.
