View all text of Subchapter II [§ 3321 - § 3334t]

§ 3334e. Enhanced procurement authority to manage supply chain risk
(a) DefinitionsIn this section:
(1) Covered agency

The term “covered agency” means any element of the intelligence community other than an element within the Department of Defense.

(2) Covered item of supply

The term “covered item of supply” means an item of information technology (as that term is defined in section 11101 of title 40) that is purchased for inclusion in a covered system, and the loss of integrity of which could result in a supply chain risk for a covered system.

(3) Covered procurementThe term “covered procurement” means—
(A) a source selection for a covered system or a covered item of supply involving either a performance specification, as provided in section 3306(a)(3)(B) of title 41, or an evaluation factor, as provided in section 3306(b)(1) of such title, relating to supply chain risk;
(B) the consideration of proposals for and issuance of a task or delivery order for a covered system or a covered item of supply, as provided in section 4106(d)(3) of title 41, where the task or delivery order contract concerned includes a contract clause establishing a requirement relating to supply chain risk; or
(C) any contract action involving a contract for a covered system or a covered item of supply where such contract includes a clause establishing requirements relating to supply chain risk.
(4) Covered procurement actionThe term “covered procurement action” means any of the following actions, if the action takes place in the course of conducting a covered procurement:
(A) The exclusion of a source that fails to meet qualifications standards established in accordance with the requirements of section 3311 of title 41 for the purpose of reducing supply chain risk in the acquisition of covered systems.
(B) The exclusion of a source that fails to achieve an acceptable rating with regard to an evaluation factor providing for the consideration of supply chain risk in the evaluation of proposals for the award of a contract or the issuance of a task or delivery order.
(C) The decision to withhold consent for a contractor to subcontract with a particular source or to direct a contractor for a covered system to exclude a particular source from consideration for a subcontract under the contract.
(5) Covered system

The term “covered system” means a national security system, as that term is defined in section 3552 of title 44.

(6) Supply chain risk

The term “supply chain risk” means the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system.

(b) AuthoritySubject to subsection (c) and in consultation with the Director of National Intelligence, the head of a covered agency may, in conducting intelligence and intelligence-related activities—
(1) carry out a covered procurement action; and
(2) limit, notwithstanding any other provision of law, in whole or in part, the disclosure of information relating to the basis for carrying out a covered procurement action.
(c) Determination and notificationThe head of a covered agency may exercise the authority provided in subsection (b) only after—
(1) any appropriate consultation with procurement or other relevant officials of the covered agency;
(2) making a determination in writing, which may be in classified form, that—
(A) use of the authority in subsection (b)(1) is necessary to protect national security by reducing supply chain risk;
(B) less intrusive measures are not reasonably available to reduce such supply chain risk; and
(C) in a case where the head of the covered agency plans to limit disclosure of information under subsection (b)(2), the risk to national security due to the disclosure of such information outweighs the risk due to not disclosing such information;
(3) notifying the Director of National Intelligence that there is a significant supply chain risk to the covered system concerned, unless the head of the covered agency making the determination is the Director of National Intelligence; and
(4) providing a notice, which may be in classified form, of the determination made under paragraph (2) to the congressional intelligence committees that includes a summary of the basis for the determination, including a discussion of less intrusive measures that were considered and why they were not reasonably available to reduce supply chain risk.
(d) Delegation

The head of a covered agency may not delegate the authority provided in subsection (b) or the responsibility to make a determination under subsection (c) to an official below the level of the service acquisition executive for the agency concerned.

(e) Savings

The authority under this section is in addition to any other authority under any other provision of law. The authority under this section shall not be construed to alter or effect the exercise of any other provision of law.

(f) Effective date

The requirements of this section shall take effect on the date that is 180 days after January 3, 2012, and shall apply to contracts that are awarded on or after such date.

(Pub. L. 112–87, title III, § 309, Jan. 3, 2012, 125 Stat. 1883; Pub. L. 116–92, div. E, title LXIII, § 6309, Dec. 20, 2019, 133 Stat. 2190; Pub. L. 117–263, div. F, title LXVIII, § 6824(c), Dec. 23, 2022, 136 Stat. 3615.)