Congress released the final version of its fiscal year 2019 defense policy bill Monday that calls on the Pentagon to implement the first ever cyber warfare policy and provide justification of its acquisition approach to its massive cloud computing projects before receiving full funding.

House and Senate lawmakers’ National Defense Authorization Act (NDAA) conference report includes a provision withholding 15 percent of funding for the Department of Defense’s cloud initiatives, including the multi-billion dollar Joint Enterprise Defense Infrastructure (JEDI), until congressional defense committees receive a report detailing the department’s acquisition approach.CAPITOL

“The conferees note that although transparency and information sharing by the department on the cloud initiative has slightly improved, it continues to be insufficient for conducting congressional oversight. The conferees expect the department to improve communication with Congress on this issue and will consider additional legislation if an improvement is not seen,” lawmakers wrote in their conference report.

The bill asks the DoD CIO to compile a report on how the JEDI cloud project is being conducted in a full, open competition.

Dana Deasy, the new DoD CIO, announced on July 11 that the Pentagon would conducting a full review of JEDI before moving forward with the acquisition process (Defense Daily, July 11).

The announcement arrives after DoD missed an original May deadline to post the final RFP, and industry pushback regarding the sole-source contract structure potentially creating bias for a large cloud such as Amazon [AMZN] Web Services.

The conference report also presses the Pentagon to finalize and implement the first cyber warfare policy needed to counter actors, such as China, Iran, North Korea and Russia’s increasingly aggressive actions.

Lawmakers emphasized the need to prioritize the readiness of Cyber Command and DoD’s cyber mission forces to make full use of their warfare capabilities and information operation tools.

Priorities include the readiness of U.S. Cyber Command, cyber mission forces, and cyber warfare tools and capabilities, including initiatives to strengthen the cyber workforce;

Army Gen. Paul Nakasone, the new leader of Cyber Command, told lawmakers during his confirmation hearing that a defined strategy was needed to properly respond to cyber attacks, including Russian interference in U.S. elections (Defense Daily, March 1).

Specifically, the bill would provide DoD more room to explore its offensive cyber capabilities to deter adversaries, as well as increasing the use of electronic warfare operations.

“Two warfare areas in which our peer competitors are beginning to outpace U.S. capabilities, and for which the Department of Defense has struggled for years across the Services to implement capabilities coherently,” lawmakers wrote in their conference report.

The bill also includes increased funding to address cyber threats to missile systems, and requires DoD senior leadership to notify Congress of all major cyber security breaches and potential loss of sensitive information.

The House is likely to vote on the NDAA conference report Thursday morning, according to Rep. Joe Courtney (D-Conn.).