Code · BILL · 117th Congress · S. 1419 (Introduced in Senate) — To require the Secretary of Defense to support and provide incentives for domestic manufacturing of printed circuit b... · Sec. 4

Sec. 4. Department of Defense testing of vulnerability of systems with printed circuit boards from certain countries and remediation and prevention of such vulnerabilities

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Not later than one year after the date of the enactment of this Act, the Secretary of Defense shall establish a program to test systems owned or operated by the Department of Defense for vulnerabilities to foreign interference, sabotage, espionage, and attack. Through the program established under paragraph (1), the Secretary shall test each system of the Department that contains at least one printed circuit board for which a disclosure was made pursuant to section 3(a) and an attestation was made with respect to paragraph (1) or (3) of such section. The Secretary shall ensure that the program established under paragraph (1) uses, to the maximum extent practicable, best-in-breed testing and detection methods used by commercial industry, including— penetration testing; red teaming; and inventory auditing.

Whenever informed of a vulnerability in a system under the program established under subsection (a)(1), the Secretary shall designate a senior official of the Department to remediate the vulnerability as soon as practicable. Remediation under paragraph (1) shall include those measures that the designated official determines necessary to lower the risk to acceptable levels, including— adding hardware or software to isolate and contain any malicious printed circuit board; destruction, deactivation, or replacement of the system containing the vulnerability; or physical modification of the system containing the vulnerability through the insertion of a trusted printed circuit board or other hardware that does not contain known vulnerabilities.

Whenever a vulnerability is found in a system from a contractor through the program established under subsection (a)(1), the Secretary of Defense shall determine whether the contractor should reasonably have discovered the vulnerability prior to delivery of the system to the Department. If, pursuant to subparagraph (A), the Secretary determines that a contractor should reasonably have discovered the vulnerability prior to delivery to the Department, the Secretary may withhold future payments to the contractor in an amount not to exceed the amount expended by the Department on remediation of the affected system. If the Secretary determines that a vulnerability identified through the program established under subsection (a)(1) is the result of any printed circuit board that the contractor imported from the People’s Republic of China after December 31, 2021, the Secretary shall presume that the contractor reasonably should have discovered the vulnerability prior to delivery to the Department. The contractor may rebut a presumption under clause (i) with a showing of technical impossibility.

Not later than one year after the date of the enactment of this Act, the Secretary shall promulgate such regulations as the Secretary considers necessary to require contractors selling goods or services to the Department that include printed circuit boards to undertake such due diligence as the Secretary considers appropriate to prevent the occurrence of vulnerabilities in such goods and services, including— certification of the ownership, management, and security of subcontractors; conducting penetration testing, red teaming exercises, and other simulated attacks against the good or service; and compliance with the Cybersecurity Maturity Model Certification, or successor model certification.

Not later than December 31 of each year, the Secretary of Defense shall submit to the congressional defense committees a report on the activities carried out under this section during the preceding fiscal year. Each report submitted under paragraph (1) shall include, for the period covered by the report, the following: The number of systems tested for vulnerabilities. The number of systems identified as having a vulnerability. The number of systems that the Department has yet to test under this section. The identity of any contractors that have been identified as failing to reasonably discover a vulnerability in a good or service provided to the Department of Defense. Such other information as the Secretary considers appropriate.

In this section, the term congressional defense committees has the meaning given that term in section 101(a) of title 10, United States Code.