Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · STATUTE-COMPILATIONS · National Defense Authorization Act for Fiscal Year 2018 · Sec. 1634

Sec. 1634. PROHIBITION ON USE OF PRODUCTS AND SERVICES DEVELOPED OR PROVIDED BY KASPERSKY LAB

693 words·~3 min read·/statute-compilations/comps-13932/sec-1634

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

## SEC. 1634 PROHIBITION ON USE OF PRODUCTS AND SERVICES DEVELOPED OR PROVIDED BY KASPERSKY LAB ###
(a)Prohibition No department, agency, organization, or other element of the Federal Government may use, whether directly or through work with or on behalf of another department, agency, organization, or element of the Federal Government, any hardware, software, or services developed or provided, in whole or in part, by— ####
(1)Kaspersky Lab (or any successor entity); ####
(2)any entity that controls, is controlled by, or is under common control with Kaspersky Lab; or ####
(3)any entity of which Kaspersky Lab has majority ownership. ###
(b)Effective Date The prohibition in subsection
(a)shall take effect on October 1, 2018. ###
(c)Review and Report ####
(1)Review The Secretary of Defense, in consultation with the Secretary of Energy, the Secretary of Homeland Security, the Attorney General, the Administrator of the General Services Administration, and the Director of National Intelligence, shall conduct a review of the procedures for removing suspect products or services from the information technology networks of the Federal Government. ####
(2)Report #####
(A)In general Not later than 180 days after the date of the enactment of this Act, Secretary of Defense shall submit to the appropriate congressional committees a report on the review conducted under paragraph (1). #####
(B)Elements The report under subparagraph
(A)shall include the following: ######
(i)A description of the Federal Government-wide authorities that may be used to prohibit, exclude, or prevent the use of suspect products or services on the information technology networks of the Federal Government, including— ######
(I)the discretionary authorities of agencies to prohibit, exclude, or prevent the use of such products or services; ######
(II)the authorities of a suspension and debarment official to prohibit, exclude, or prevent the use of such products or services; ######
(III)authorities relating to supply chain risk management; ######
(IV)authorities that provide for the continuous monitoring of information technology networks to identify suspect products or services; and ######
(V)the authorities provided under the Federal Information Security Management Act of 2002. ######
(ii)Assessment of any gaps in the authorities described in clause (i), including any gaps in the enforcement of decisions made under such authorities. ######
(iii)An explanation of the capabilities and methodologies used to periodically assess and monitor the information technology networks of the Federal Government for prohibited products or services. ######
(iv)An assessment of the ability of the Federal Government to periodically conduct training and exercises in the use of the authorities described in clause (i)— ######
(I)to identify recommendations for streamlining process; and ######
(II)to identify recommendations for education and training curricula, to be integrated into existing training or certification courses. ######
(v)A description of information sharing mechanisms that may be used to share information about suspect products or services, including mechanisms for the sharing of such information among the Federal Government, industry, the public, and international partners. ######
(vi)Identification of existing tools for business intelligence, application management, and commerce due-diligence that are either in use by elements of the Federal Government, or that are available commercially. ######
(vii)Recommendations for improving the authorities, processes, resourcing, and capabilities of the Federal Government for the purpose of improving the procedures for identifying and removing prohibited products or services from the information technology networks of the Federal Government. ######
(viii)Any other matters the Secretary determines to be appropriate. #####
(C)Form The report under subparagraph
(A)shall be submitted in unclassified form, but may include a classified annex. ####
(3)Appropriate congressional committees defined In this section, the term “appropriate congressional committees” means the following: #####
(A)The Committee on Armed Services, the Committee on Energy and Commerce, the Committee on Homeland Security, the Committee on the Judiciary, the Committee on Oversight and Government Reform, and the Permanent Select Committee on Intelligence of the House of Representatives. #####
(B)The Committee on Armed Services, the Committee on Energy and Natural Resources, the Committee on Homeland Security and Governmental Affairs, the Committee on the Judiciary, and the Select Committee on Intelligence of the Senate.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.