§4129 — Title 10 Armed Forces | U.S. Code

§4129 Joint Federated Assurance Center

Title 10 › Subtitle Subtitle A— - General Military Law › Part PART V— - ACQUISITION › Subpart Subpart E— - Research and Engineering › Chapter CHAPTER 303— - RESEARCH AND ENGINEERING ACTIVITIES › Subchapter SUBCHAPTER III— - RESEARCH AND DEVELOPMENT CENTERS AND FACILITIES › § 4129

Last updated Apr 6, 2026|Official source

Summary

Creates a Joint Federated Assurance Center inside the Office of the Under Secretary of Defense for Research and Engineering. The Center must help the Department of Defense make sure the hardware and software it builds, buys, and uses are free from intentional and accidental weaknesses during their whole life cycle. The Center is run by an Executive Steering Group made up of representatives from the Center’s member organizations. The Under Secretary of Defense for Research and Engineering and the Under Secretary of Defense for Acquisition and Sustainment must serve as co-chairs. The Steering Group must keep checking the Center’s capabilities. The Center must do things like collect and share knowledge on hardware and software security, give the Department a Department-wide view of strategy and buying to better coordinate tool purchases, and create common policies, testing methods, and validation practices to speed fielding, sustain capabilities, improve efficiency, and reduce costs. It must promote commercial best practices, scale access across the Department, use commercial data and industry collaboration, and provide guidance for contracts for application-specific integrated circuits (covering evidence-based assurance, commercial security practices, and a library of certified third-party IP). It must also develop, test, and maintain assurance methods and threat models for microelectronics and make guides for program offices and industry. The Secretary of Defense must issue a revised charter for the Center within 180 days after this law is enacted that sets out the Center’s role and authorities, guidelines for better software and hardware vulnerability testing tools, and how the Center will link into the Department’s main governance and funding processes.

Title 10, §4129

Armed Forces — Source: USLM XML via OLRC

(a)There is in the Office of the Under Secretary of Defense for Research and Engineering a Joint Federated Assurance Center (referred to in this section as the “Center”).

(b)The purpose of the Center shall be to serve as a joint, Department-wide federation of organizations and capabilities to support the assurance needs of the Department of Defense by ensuring, pursuant to policies related to hardware and software assurance and supply chain risk management, that the software and hardware developed, acquired, maintained, and used by the Department are free from intentional and unintentional vulnerability during the life-cycle of development and deployment of assured, trustworthy defense systems.

(c)(1)The Center shall be governed by an Executive Steering Group. The Executive Steering Group shall continually evaluate the Center’s capabilities to support the hardware and software assurance needs of the Department.

(2)The Executive Steering Group shall be composed of one or more representatives from each of the organizations that comprise the Center.

(3)The Under Secretary of Defense for Research and Engineering and the Under Secretary of Defense for Acquisition and Sustainment shall serve as co-Chairpersons of the Executive Steering Group.

(d)The duties of the Center are as follows:

(1)Providing knowledge management capabilities for hardware and software assurance for the Department.

(2)Providing Department-wide visibility on strategy, use cases, procurement, investment, and other relevant activities to aggregate, to the extent practicable, assurance tool purchases by the Department.

(3)Developing and standardizing policies, procedures, competencies, risk assessment methodologies, and independent validation and verification test capabilities—

(A)to support timely and cost-effective fielding of current and future technologies to the Department;

(B)to ensure sustainment of enduring capability needs across the life-cycle of Department of Defense programs and determine the sustainment factors related to the assurance of future hardware and software systems;

(C)to increase efficiencies across Department of Defense programs through the use of emerging assurance technologies; and

(D)to leverage economies of scale through coordinated acquisition and use of hardware and software assurance technologies.

(4)Promoting assurance capabilities for hardware and software assurance—

(A)to mature assessment criteria and enable scalable deployment of commercial best practices, such as through the fostering and maturation of evidence-based assurance of trusted defense microelectronics system needs, with emphasis on commercial security protocols that are transferable to defense applications;

(B)to scale the Center for Department-wide access, through the resourcing of adequate personnel to address standardization and automation of data collection and analysis;

(C)to utilize data from commercial assurance processes to support the development of Department hardware and software that meet standards, applications, and requirements, including through comparative analysis and data modeling;

(D)to seek and apply commercial best practices, where practicable, through industry collaboration; and

(E)to develop and align Department policy, investments, and activities with commercial best practices, to the extent practicable.

(5)For contracts for application-specific integrated circuits designed by defense industrial base contractors, develop guidance for—

(A)the consideration of evidence-based assurance processes and techniques that are included in the contract data requirements list, to the extent practicable;

(B)the use of commercial best practices, as applicable, for confidentiality, integrity and availability; and

(C)the development of a library of certified third-party intellectual property for reuse, including streamlining legal mechanisms for data collection and sharing, and enhanced use of automation technology to achieve efficiency.

(6)The assessment, creation, prototyping, maturation, and maintenance of relevant assurance practices, including the validation and maturation of evidence based assurance methods, for the development, procurement, and deployment of hardware and software assurance tools and processes, including—

(A)development and assessment of validation methods for such processes and techniques, in coordination with the developmental and operational test and evaluation community, as the Executive Steering Group determines necessary;

(B)development and assessment of threat models that comprehensively characterize the threat to microelectronics confidentiality, integrity, and availability across the entire supply chain, and the design, production, packaging, and deployment cycle to support risk management and risk mitigation; and

(C)support development of guides to inform use and decision-making by program evaluators, program offices, and industry to meet software and hardware assurance requirements.

(e)Not later than 180 days after the date of the enactment of this section, the Secretary of Defense shall issue a revised charter for the Center. The charter shall set forth—

(1)the role and authorities of the Center and the Executive Steering Group;

(2)the requirement of the Center to establish guidelines for the development of improved software code vulnerability analysis and testing tools;

(3)the requirement of the Center to establish guidelines for the development of improved hardware vulnerability testing and protection tools; and

(4)the manner in which the Center will connect to the Department’s major governance and resourcing processes to ensure the continuation of Center duties.

Notes & Related Subsidiaries

Editorial Notes

References in Text

The date of the enactment of this section, referred to in subsec. (e), is the date of enactment of Pub. L. 118–159, which was approved Dec. 23, 2024.

Prior Provisions

Provisions requiring the establishment of a joint federation of capabilities to support the trusted defense system needs of the Department were contained in Pub. L. 113–66, div. A, title IX, § 937, Dec. 26, 2013, 127 Stat. 834, as amended by Pub. L. 114–92, div. A, title II, § 231, Nov. 25, 2015, 129 Stat. 778, which was set out in a note under section 2224 of this title, prior to repeal by Pub. L. 118–159, div. A, title IX, § 922(c), Dec. 23, 2024, 138 Stat. 2039.

Amendments

2025—Pub. L. 119–60 renumbered section 4128 of this title, relating to the Joint Federated Assurance Center, as this section.