(a)
(1) Identifying and recommending development by the National Institute of Standards and Technology of supply chain risk management standards, guidelines, and practices for executive agencies to use when assessing and developing mitigation strategies to address supply chain risks, particularly in the acquisition and use of covered articles under section 1326(a) of this title.
(2) Identifying or developing criteria for sharing information with executive agencies, other Federal entities, and non-Federal entities with respect to supply chain risk, including information related to the exercise of authorities provided under this section and sections 1326 and 4713 of this title. At a minimum, such criteria shall address-
(A) the content to be shared;
(B) the circumstances under which sharing is mandated or voluntary; and
(C) the circumstances under which it is appropriate for an executive agency to rely on information made available through such sharing in exercising the responsibilities and authorities provided under this section and section 4713 of this title.
(3) Identifying an appropriate executive agency to-
(A) accept information submitted by executive agencies based on the criteria established under paragraph (2);
(B) facilitate the sharing of information received under subparagraph (A) to support supply chain risk analyses under section 1326 of this title, recommendations under this section, and covered procurement actions under section 4713 of this title;
(C) share with the Council information regarding covered procurement actions by executive agencies taken under section 4713 of this title; and
(D) inform the Council of orders issued under this section.
(4) Identifying, as appropriate, executive agencies to provide-
(A) shared services, such as support for making risk assessments, validation of products that may be suitable for acquisition, and mitigation activities; and
(B) common contract solutions to support supply chain risk management activities, such as subscription services or machine-learning-enhanced analysis applications to support informed decision making.
(5) Identifying and issuing guidance on additional steps that may be necessary to address supply chain risks arising in the course of executive agencies providing shared services, common contract solutions, acquisitions vehicles, or assisted acquisitions.
(6) Engaging with the private sector and other nongovernmental stakeholders in performing the functions described in paragraphs (1) and (2) and on issues relating to the management of supply chain risks posed by the acquisition of covered articles.
(7) Carrying out such other actions, as determined by the Council, that are necessary to reduce the supply chain risks posed by acquisitions and use of covered articles.
(b)
(c)
(1)
(A) recommending orders applicable to executive agencies requiring the exclusion of sources or covered articles from executive agency procurement actions (in this section referred to as "exclusion orders");
(B) recommending orders applicable to executive agencies requiring the removal of covered articles from executive agency information systems (in this section referred to as "removal orders");
(C) requesting and approving exceptions to an issued exclusion or removal order when warranted by circumstances, including alternative mitigation actions or other findings relating to the national interest, including national security reviews, national security investigations, or national security agreements; and
(D) ensuring that recommended orders do not conflict with standards and guidelines issued under section 11331 of title 40 and that the Council consults with the Director of the National Institute of Standards and Technology regarding any recommended orders that would implement standards and guidelines developed by the National Institute of Standards and Technology.
(2)
(A) information necessary to positively identify the sources or covered articles recommended for exclusion or removal;
(B) information regarding the scope and applicability of the recommended exclusion or removal order;
(C) a summary of any risk assessment reviewed or conducted in support of the recommended exclusion or removal order;
(D) a summary of the basis for the recommendation, including a discussion of less intrusive measures that were considered and why such measures were not reasonably available to reduce supply chain risk;
(E) a description of the actions necessary to implement the recommended exclusion or removal order; and
(F) where practicable, in the Council's sole and unreviewable discretion, a description of mitigation steps that could be taken by the source that may result in the Council rescinding a recommendation.
(3)
(A) that a recommendation has been made;
(B) of the criteria the Council relied upon under paragraph (1) and, to the extent consistent with national security and law enforcement interests, of information that forms the basis for the recommendation;
(C) that, within 30 days after receipt of notice, the source may submit information and argument in opposition to the recommendation;
(D) of the procedures governing the review and possible issuance of an exclusion or removal order pursuant to paragraph (5); and
(E) where practicable, in the Council's sole and unreviewable discretion, a description of mitigation steps that could be taken by the source that may result in the Council rescinding the recommendation.
(4)
(A) an exclusion or removal order is issued pursuant to paragraph (5); and
(B) the source has been notified pursuant to paragraph (6).
(5)
(A)
(i) The Secretary of Homeland Security, for exclusion and removal orders applicable to civilian agencies, to the extent not covered by clause (ii) or (iii).
(ii) The Secretary of Defense, for exclusion and removal orders applicable to the Department of Defense and national security systems other than sensitive compartmented information systems.
(iii) The Director of National Intelligence, for exclusion and removal orders applicable to the intelligence community and sensitive compartmented information systems, to the extent not covered by clause (ii).
(B)
(C)
(D)
(E)
(6)
(A) notify any source named in the order of-
(i) the exclusion or removal order; and
(ii) to the extent consistent with national security and law enforcement interests, information that forms the basis for the order;
(B) provide classified or unclassified notice of the exclusion or removal order to the appropriate congressional committees and leadership; and
(C) provide the exclusion or removal order to the agency identified in subsection (a)(3).
(7)
(d)
(e)
(f)
(1) to limit the authority of the Office of Federal Procurement Policy to carry out the responsibilities of that Office under any other provision of law; or
(2) to authorize the issuance of an exclusion or removal order based solely on the fact of foreign ownership of a potential procurement source that is otherwise qualified to enter into procurement contracts with the Federal Government.
(Added
Section effective 90 days after Dec. 21, 2018, and applicable to contracts that are awarded before, on, or after that date, see section 202(c) of
Title II of