
Code · BILL · 118th Congress · S. 4638 (Reported in Senate) — To authorize appropriations for fiscal year 2025 for military activities of the Department of Defense, for military c... · Sec. 912

Sec. 912. Joint Federated Assurance Center


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Subchapter III of chapter 303 of title 10, United States Code, is amended by adding at the end the following new section:
There is in the Office of the Under Secretary of Defense for Research and Engineering a Joint Federated Assurance Center (in this section referred to as the "Center").
The purpose of the Center shall be to serve as a joint, Department-wide federation of capabilities to support the assurance needs of the Department of Defense by ensuring, pursuant to policies related to hardware and software assurance and supply chain risk management, that the software and hardware developed, acquired, maintained, and used by the Department are free from intentional and unintentional vulnerability during the life-cycle of development and deployment of assured, trustworthy defense systems.
In carrying out the purpose described in subsection (b), the Center shall maintain capabilities for the following: Knowledge management for hardware and software assurance— to serve as the central repository for knowledge and best practices— to gain Department-wide visibility on strategy, use cases, procurement, investment, and other relevant activities; to aggregate, where practicable, purchases by the Department; and to maximize the influence of the Department on the marketplace; to coordinate and improve Department and program-specific part selection and management, as well as forecasted needs and resulting procurement; to enable and facilitate access to a universal platform, including a common interface and nomenclature, across the Department and supporting agencies; and to develop and standardize policies, procedures, and independent validation and verification test capabilities— in support of timely fielding of current and future technologies to the armed forces; to increase efficiencies to leverage emerging technologies; to increase resiliency of systems; to leverage economies of scale; and to support other relevant purposes.
Assurance capabilities for hardware and software assurance— to mature assessment criteria and enable scalable deployment of commercial best practices for evidence-based assurance of trusted defense microelectronics system needs, with emphasis on commercial security protocols that are transferable to defense applications; to scale the Center for Department-wide access, through the resourcing of adequate personnel to address standardization and automation of data collection and analysis; to utilize data from commercial assurance processes to ensure Department hardware and software meet standards, applications, and requirements, including through comparative analysis and data modeling with other entities charged with related mandates, including the Defense Microelectronics Activity; to seek and apply commercial best practices, where practicable, through industry collaboration, mutual pilot programs, and co-development of data dictionaries, templates, and other tools in support of microelectronics and software assurance; and to develop and align Department policy, investments, and activities with evidence-based commercial best practices, where practicable, with the overarching goal of providing confidence that microelectronics systems and software and their constituent elements reasonably function as intended.
For contracts for application-specific integrated circuits designed by defense industrial base contractors, develop guidance for— the use of evidence-based assurance processes and techniques that are included in the contract data requirements list; the use of commercial best industry practices for confidentiality, integrity, and availability; the establishment of a library of certified third-party intellectual property for reuse, including reuse of transistor layouts, cells, and macrocells; legal mechanisms for data collection and sharing; and the adoption of automation technology to achieve efficiency.
The development, maintenance, and sustainment of relevant evidence-based assurance standards for developing, procuring, and deploying hardware and software assurance, including— evidence-based assurance processes and techniques that sustain, build on, automate, and scale up the results and accomplishments of prototyping programs to enhance the confidentiality, integrity, and availability of microelectronics while minimizing costs and impacts to commercial manufacturing practices; validation methods for such processes and techniques, in coordination with the developmental and operational test and evaluation community, as the Under Secretary determines necessary; threat models that comprehensively characterize the threat to microelectronics confidentiality, integrity, and availability across the entire supply chain, and the design, production, packaging, and deployment cycle to support risk management and risk mitigation, based on the principle of reducing risk to as low a level as reasonably practicable, including— comparative risk assessments; and balanced and practical investments in assurance based on risks and returns; trusted systems, network criticality levels, and associated requirements for the production and acquisition of commercial-off-the-shelf integrated circuits, integrated circuits subject to the International Traffic in Arms Regulations under subchapter M of chapter I of title 22, Code of Federal Regulations, or successor regulations, and classified integrated circuits using commercial foundry manufacturing process flows; guides for Federal Government program evaluators, program offices, and industry to meet microelectronics assurance requirements; and guidance for the establishment of a government organizational structure and plan to support the acquisition of fit-for-purpose microelectronics.
In providing for the establishment of the Center, the Secretary shall consider whether the purpose of the Center can be met by existing centers in the Department that provide some or part of the hardware or software assurance capabilities needed to carry out the purpose described in subsection (b). If the Secretary determines under paragraph (1) that there are capability gaps that cannot be satisfied by existing centers, the Secretary shall develop a strategy for creating and providing resources to fill those gaps.
Not later than 180 days after the date of the enactment of this section, the Secretary shall issue a revised charter for the Center. The charter shall— be established pursuant to the trusted and assured defense systems strategy of the Department and supporting policies related to hardware and software assurance and supply chain risk management; and set forth— the role and authorities of the Center in supporting program offices in implementing the trusted defense systems strategy of the Department; the software and hardware assurance expertise and capabilities of the Center, including policies, standards, requirements, best practices, contracting, training, and testing; the requirements for the discharge by the Center of a program of research and development to improve automated software code vulnerability analysis and testing tools; the requirements for the Center to procure, manage, and distribute enterprise licenses for automated vulnerability analysis tools, including for automated software code analysis and tools used in the design and manufacture of microelectronics; and the requirements for the discharge by the Center of a program of research and development to improve hardware vulnerability, testing, and protection tools.
Not later than 240 days after the date of the enactment of this Act, the Secretary of Defense shall provide a briefing to the Committees on Armed Services of the Senate and the House of Representatives on the status of the formal establishment and revisions to the charter of the Joint Federated Analysis Center under section 4218 of title 10, United States Code, as added by subsection (a).
The table of sections at the beginning of subchapter III of chapter 303 is amended by adding at the end the following new item: 4128. Joint Federated Assurance Center.
Section 937 of the National Defense Authorization Act for Fiscal Year 2014 (Public Law 113–66; 10 U.S.C. 2224 note) is repealed.