(a)
(b)
(1) obtaining a joint recommendation, in unclassified or classified form, from the chief acquisition officer and the chief information officer of the agency, or officials performing similar functions in the case of executive agencies that do not have such officials, which includes a review of any risk assessment made available by the executive agency identified under section 1323(a)(3) of this title, that there is a significant supply chain risk in a covered procurement;
(2) providing notice of the joint recommendation described in paragraph (1) to any source named in the joint recommendation advising-
(A) that a recommendation is being considered or has been obtained;
(B) to the extent consistent with the national security and law enforcement interests, of information that forms the basis for the recommendation;
(C) that, within 30 days after receipt of the notice, the source may submit information and argument in opposition to the recommendation; and
(D) of the procedures governing the consideration of the submission and the possible exercise of the authority provided in subsection (a);
(3) making a determination in writing, in unclassified or classified form, after considering any information submitted by a source under paragraph (2) and in consultation with the chief information security officer of the agency, that-
(A) use of the authority under subsection (a) is necessary to protect national security by reducing supply chain risk;
(B) less intrusive measures are not reasonably available to reduce such supply chain risk; and
(C) the use of such authorities will apply to a single covered procurement or a class of covered procurements, and otherwise specifies the scope of the determination; and
(4) providing a classified or unclassified notice of the determination made under paragraph (3) to the appropriate congressional committees and leadership that includes-
(A) the joint recommendation described in paragraph (1);
(B) a summary of any risk assessment reviewed in support of the joint recommendation required by paragraph (1); and
(C) a summary of the basis for the determination, including a discussion of less intrusive measures that were considered and why such measures were not reasonably available to reduce supply chain risk.
(c)
(1) may, to the extent necessary to address such national security interest, and subject to the conditions in paragraph (2)-
(A) temporarily delay the notice required by subsection (b)(2);
(B) make the determination required by subsection (b)(3), regardless of whether the notice required by subsection (b)(2) has been provided or whether the notified source has submitted any information in response to such notice;
(C) temporarily delay the notice required by subsection (b)(4); and
(D) exercise the authority provided in subsection (a) in accordance with such determination within 60 calendar days after the day the determination is made; and
(2) shall take actions necessary to comply with all requirements of subsection (b) as soon as practicable after addressing the urgent national security interest, including-
(A) providing the notice required by subsection (b)(2);
(B) promptly considering any information submitted by the source in response to such notice, and making any appropriate modifications to the determination based on such information;
(C) providing the notice required by subsection (b)(4), including a description of the urgent national security interest, and any modifications to the determination made in accordance with subparagraph (B); and
(D) providing notice to the appropriate congressional committees and leadership within 7 calendar days of the covered procurement actions taken under this section.
(d)
(e)
(f)
(g)
(h)
(i)
(j)
(k)
(1)
(A) the Committee on Homeland Security and Governmental Affairs, the Committee on the Judiciary, the Committee on Appropriations, the Committee on Armed Services, the Committee on Commerce, Science, and Transportation, the Select Committee on Intelligence, and the majority and minority leader of the Senate; and
(B) the Committee on Oversight and Government Reform, the Committee on the Judiciary, the Committee on Appropriations, the Committee on Homeland Security, the Committee on Armed Services, the Committee on Energy and Commerce, the Permanent Select Committee on Intelligence, and the Speaker and minority leader of the House of Representatives.
(2)
(A) information technology, as defined in section 11101 of title 40, including cloud computing services of all types;
(B) telecommunications equipment or telecommunications service, as those terms are defined in section 3 of the Communications Act of 1934 (47 U.S.C. 153);
(C) the processing of information on a Federal or non-Federal information system, subject to the requirements of the Controlled Unclassified Information program; or
(D) hardware, systems, devices, software, or services that include embedded or incidental information technology.
(3)
(A) a source selection for a covered article involving either a performance specification, as provided in subsection (a)(3)(B) of section 3306 of this title, or an evaluation factor, as provided in subsection (b)(1)(A) of such section, relating to a supply chain risk, or where supply chain risk considerations are included in the agency's determination of whether a source is a responsible source as defined in section 113 of this title;
(B) the consideration of proposals for and issuance of a task or delivery order for a covered article, as provided in section 4106(d)(3) of this title, where the task or delivery order contract includes a contract clause establishing a requirement relating to a supply chain risk;
(C) any contract action involving a contract for a covered article where the contract includes a clause establishing requirements relating to a supply chain risk; or
(D) any other procurement in a category of procurements determined appropriate by the Federal Acquisition Regulatory Council, with the advice of the Federal Acquisition Security Council.
(4)
(A) The exclusion of a source that fails to meet qualification requirements established under section 3311 of this title for the purpose of reducing supply chain risk in the acquisition or use of covered articles.
(B) The exclusion of a source that fails to achieve an acceptable rating with regard to an evaluation factor providing for the consideration of supply chain risk in the evaluation of proposals for the award of a contract or the issuance of a task or delivery order.
(C) The determination that a source is not a responsible source as defined in section 113 of this title based on considerations of supply chain risk.
(D) The decision to withhold consent for a contractor to subcontract with a particular source or to direct a contractor to exclude a particular source from consideration for a subcontract under the contract.
(5)
(A) information technology, as defined in section 11101 of title 40;
(B) information systems, as defined in section 3502 of title 44; and
(C) telecommunications equipment and telecommunications services, as those terms are defined in section 3 of the Communications Act of 1934 (47 U.S.C. 153).
(6)
(7)
(Added
The date of the enactment of the Federal Acquisition Supply Chain Security Act of 2018, referred to in subsec. (j), is the date of enactment of
Section 3101(c)(1), referred to in subsec. (k)(7), probably means section 3101(c)(1) of this title, which excepts the Department of Defense, the Coast Guard, and the National Aeronautics and Space Administration from applicability of the Procurement procedures and regulations of the Administrator of General Services.
Committee on Oversight and Government Reform of House of Representatives changed to Committee on Oversight and Reform of House of Representatives by House Resolution No. 6, One Hundred Sixteenth Congress, Jan. 9, 2019.
Title II of