Sec. 851. Supply chain security of certain telecommunications and video surveillance services or equipment

1,460 words·~7 min read·/bill/116/hr/2500/pcs/section-851

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

The Secretary of Defense, in consultation with the Federal Acquisition Security Council (established under section 1322 of title 41, United States Code) and the Director of the Office of Management and Budget, shall conduct a comprehensive assessment of— Department of Defense policies relating to covered equipment and services; covered equipment and services acquired or to be acquired for the Department; and systems of covered contractors to ensure the security of the supply chains of such covered contractor. The assessment described in subsection

(a)shall include— an identification of instances in which the Federal Acquisition Security Council has identified supply chain risks (as defined in section 4713(k) of title 41, United States Code) that are specific to the defense industrial base and other threat assessments related to the procurement of covered articles (as defined in such section); an identification of and suggestions for guidance on the process of debarment and suspension (including debarment and suspension for nonprocurement programs and activities) of covered contractors to address supply chain risks relating to acquisitions for the Department of Defense, including acquisitions involving other executive agencies; and an identification of steps that could be taken to address situations identified under paragraphs

(1)and

(2)through the Interagency Suspension and Debarment Committee established under Executive Order No. 12549 (51 Fed. Reg. 6370). Not later than 180 days after the date of the enactment of this Act, the Secretary shall, based on the results of the assessment required by subsection (a)— issue or revise guidance to ensure any entity within the Department of Defense that procures covered equipment and services implements a risk-based approach with respect to such a procurement that addresses— requirements for training personnel; the process for making sourcing decisions; with respect to a procurement of telecommunications equipment or video surveillance equipment, assurances relating to the traceability of parts of such equipment; the process for reporting suspect covered equipment and services; and corrective actions for the acquisition of suspect covered equipment and services (including actions to recover costs as described in subsection (d)(2)); issue or revise guidance to ensure that remedial actions, including debarment or suspension, are taken with respect to a covered contractor who has failed to detect and avoid suspect covered equipment and services or otherwise failed to exercise due diligence in the detection and avoidance of such suspect covered equipment and services; establish a process for ensuring that a Department of Defense employee provide a written report to the appropriate Government authorities and the Government-Industry Data Exchange Program (or a similar program designated by the Secretary) not later than 60 days after such an employee becomes aware, or has reason to suspect that— any end item, component, part, or material contained in supplies purchased by or for the Department contains suspect covered equipment and services; or a covered contractor has provided suspect covered equipment and services; and establish a process for analyzing, assessing, and acting on reports of suspect covered equipment and services that are submitted in accordance with paragraph (3). Not later than 270 days after the date of the enactment of this Act, the Secretary shall revise the Department of Defense Supplement to the Federal Acquisition Regulation to address the detection and avoidance of suspect covered equipment and services. The revised regulations issued pursuant to paragraph

(1)shall provide that— covered contractors who supply covered equipment or services are responsible for detecting and avoiding the use or inclusion of suspect covered equipment or services and for any contract modification or corrective action that may be required to remedy the use or inclusion of such suspect covered equipment or services; and the cost of suspect covered equipment or services and the cost of contract modification or corrective action that may be required to remedy the use or inclusion of such suspect covered equipment or services are not allowable costs under defense contracts, unless— the covered contractor has an operational system to detect and avoid suspect covered equipment or services that has been reviewed and approved by the Secretary pursuant to subsection (e)(2)(B); suspect covered equipment or services were provided to the covered contractor as Government property in accordance with part 45 of the Federal Acquisition Regulation or were obtained by the covered contractor in accordance with regulations described in paragraph (3); and the covered contractor discovers the suspect covered equipment or services and provides timely notice to the Government pursuant to paragraph (4). The revised regulations issued pursuant to paragraph

(1)shall— require that covered contractors obtain covered equipment or services— from the original manufacturers of the equipment or their authorized dealers, or from suppliers that meet requirements of subparagraph

(C)or

(D)and, with respect to suppliers of telecommunications equipment or video surveillance equipment, that obtain such equipment exclusively from the original manufacturers of the parts of such equipment or their authorized dealers; and that are not in production or currently available in stock from suppliers that meet requirements of subparagraph

(C)or (D); establish requirements for notification of the Department, and for inspection, testing, and authentication of covered equipment and services that covered contractor obtains from an alternate supplier; establish qualification requirements, consistent with the requirements of section 2319 of title 10, United States Code, pursuant to which the Secretary may identify suppliers that have appropriate policies and procedures in place to detect and avoid suspect covered equipment and services; and authorize covered contractors to identify and use suppliers that meet qualification requirements, provided that— the standards and processes for identifying such suppliers comply with established industry standards; and the selection of such suppliers is subject to review, audit, and approval by appropriate Department of Defense officials. The revised regulations issued pursuant to paragraph

(1)shall require that any covered contractor provide a written report to the appropriate Government authorities and the Government-Industry Data Exchange Program (or a similar program designated by the Secretary) not later than 60 days after such covered contractor becomes aware, or has reason to suspect that— any end item, component, part, or material contained in supplies purchased by or for the Department contains suspect covered equipment and services; or a supplier of a covered contractor has provided suspect covered equipment and services. Not later than 270 days after the date of the enactment of this Act, the Secretary shall implement a program to enhance the detection and avoidance of the acquisition of suspect covered equipment and services by covered contractors. The program implemented pursuant to paragraph

(1)shall— require covered contractors to establish policies and procedures to eliminate suspect covered equipment and services from the defense supply chain, which policies and procedures shall address— the training of personnel; and with respect to a procurement of telecommunications equipment or video surveillance equipment, the inspection and testing of related materials and mechanisms to enable traceability of parts of such equipment; and establish processes for the review and approval of contractor systems for the detection and avoidance of the acquisition of suspect covered equipment and services by covered contractors, which processes shall be comparable to the processes established for contractor business systems under section 893 of the Ike Skelton National Defense Authorization Act for Fiscal Year 2011 ( Public Law 111–383 ; 124 Stat. 4311; 10 U.S.C. 2302 note). Nothing in this section shall be construed to prohibit the Secretary from entering into a contract with a covered contractor to provide a service that connects to the facilities of a third party, such as backhaul, roaming, or interconnection arrangements. Not later than 180 days after completing the assessment required under subsection (a), the Secretary shall submit to the congressional defense committees a report on the results of the assessment and the actions taken following the assessment pursuant to subsection (c). In this section: The term covered equipment and services means telecommunications equipment, telecommunications services, video surveillance equipment, and video surveillance services manufactured or controlled by an entity for which the principal place of business of such entity is located in foreign country that is an adversary of the United States, but does not include telecommunications equipment or video surveillance equipment (other than optical transmission components) that cannot route or redirect user data traffic or permit visibility into any user data or packets that such equipment transmits or otherwise handles. The term covered contractor means a contractor or subcontractor (at any tier) that supplies covered equipment and services to the Department of Defense. The term executive agency has the meaning given in section 133 of title 41, United States Code. The term Secretary means the Secretary of Defense. The term suspect covered equipment and services means covered equipment and services that is from any source, or that is a covered article, subject to an exclusion order or removal order under section 1323(c) of title 41, United States Code.

Connectionstraces to 2

Traces to 2 documents