The Act requires the FASC to identify an appropriate executive agency - the FASC's information sharing agency (ISA) - to perform administrative information sharing functions on behalf of the FASC, as provided at 41 U.S.C. 1323(a)(3). The ISA facilitates and provides administrative support to a FASC supply chain and risk management Task Force, and serves as the liaison to the FASC on behalf of the Task Force, as the Task Force develops the processes under which the functions described in 41 U.S.C. 1323(a)(3) are implemented on behalf of the FASC. The Department of Homeland Security (DHS), acting primarily through the Cybersecurity and Infrastructure Security Agency, is named the appropriate executive agency to serve as the FASC's ISA. The ISA's administrative functions shall not be construed to limit or impair the authority or responsibilities of any other Federal agency with respect to information sharing.
(a) Submission of information. Information should be submitted to the FASC by sending it to the ISA, acting on behalf of the FASC.
(b) Receipt and dissemination functions. The ISA, the Task Force, and support personnel at the FASC member agencies will carry out administrative information receipt and dissemination functions on behalf of the FASC.
(c) Interagency supply chain risk management task force. The FASC may identify members for an interagency supply chain risk management (SCRM) task force (the Task Force) to assist the FASC with implementing its information sharing, analysis, and risk assessment functions as described in 41 U.S.C. 1323(a)(3). The purpose of the Task Force is to allow the FASC to capitalize on the various supply chain risk management and information sharing efforts across the Federal enterprise. This Task Force includes technical experts in SCRM and related interdisciplinary experts from agencies identified in § 201-1.102 and any other agency, or agency component, the FASC Chairperson identifies. The ISA facilitates the efforts of, and provide administrative support to, the Task Force and periodically reports to the FASC on Task Force efforts.
(d) Processes and procedures. The FASC will adopt and, as it deems necessary, revise:
(1) Processes and procedures describing how the ISA operates and supports FASC recommendations issued pursuant to 41 U.S.C. 1323(c);
(2) Processes and procedures describing how Federal and non-Federal entities must submit supply chain risk information (both mandatory and voluntary submissions of information) to the FASC, including any necessary requirements for information handling, protection, and classification;
(3) Processes and procedures describing the requirements for the dissemination of classified, controlled unclassified, or otherwise protected information submitted to the FASC by executive agencies;
(4) Processes and procedures describing how the ISA facilitates the sharing of information to support supply chain risk analyses under 41 U.S.C. 1326, recommendations issued by the FASC, and covered procurement actions under 41 U.S.C. 4713;
(5) Processes and procedures describing how the ISA will provide to the FASC and to executive agencies on behalf of the FASC information regarding covered procurement actions and any issued removal or exclusion orders; and
(6) Any other processes and procedures determined by the FASC Chairperson.