HR6558-119

2. Secure mobile phones for senior officials and personnel performing sensitive functions Beginning not later than 90 days after the date of enactment of this Act, the Secretary of Defense shall ensure that each wireless mobile phone the Department of Defense provides to a senior official of the Department or any other employee of the Department who performs sensitive national security functions, as determined by the Secretary, and all related telecommunications services are acquired under contracts or other agreements that require the enhanced cybersecurity protections described in subsection (b). The enhanced cybersecurity protections described in this subsection enhanced cybersecurity protections for wireless mobile phones and related telecommunication services that includes— encryption of data on the wireless mobile phones and of all telecommunications to and from the wireless mobile phones through such telecommunication services; capabilities to mitigate or obfuscate persistent device identifiers, including periodic rotation of network or hardware identifiers to reduce the risk of inappropriate tracking of the activity or location of the wireless mobile phones; and the capability to continuously monitor the wireless mobile phones. Not later than 180 days after the enactment of this Act, the Secretary of Defense shall submit to the congressional defense committees a report containing— a list of the contracts or other agreements entered into pursuant to subsection (a); the criteria used by the Secretary to determine which employees of the Department of Defense performs sensitive national security functions for the purposes of subsection (a), and the total number of such employees; and the total costs of wireless mobile phones and telecommunication services required by subsection (a).