PRIA Logo
Take the PRIA Score
Title 41Public ContractsRelease 119-73

§1326 Requirements for executive agencies

Title 41 › Subtitle Subtitle I— - Federal Procurement Policy › Chapter CHAPTER 13— - ACQUISITION COUNCILS › Subchapter SUBCHAPTER III— - FEDERAL ACQUISITION SUPPLY CHAIN SECURITY › § 1326

Last updated Apr 6, 2026|Official source

Summary

Heads of executive agencies must check for supply-chain risks when their agency buys or uses covered items and then avoid, reduce, accept, or shift those risks following the standards the Council sets. They must give higher priority to checking things that are most important to the agency’s mission, systems, parts, services, or assets. That duty means each agency must make a broad risk-management plan, set policies and processes, use risk management through the whole life of the item, take steps to limit or fix risks, share relevant information with other agencies as the Council allows, and report progress as the Office of Management and Budget and the Council require. Agencies must include all relevant information, including classified material, in their acquisition and program-management processes. For interagency purchases, the agency providing the funds normally does the risk work unless the agencies agree otherwise. Interagency acquisition and assisted acquisition are types of agency-to-agency buying defined in the federal acquisition rules. The Secretary of Homeland Security may help agencies with assessments and offer guidance or tools, especially for information and communications technology.

Full Legal Text

Title 41, §1326

Public Contracts — Source: USLM XML via OLRC

(a)The head of each executive agency shall be responsible for—
(1)assessing the supply chain risk posed by the acquisition and use of covered articles and avoiding, mitigating, accepting, or transferring that risk, as appropriate and consistent with the standards, guidelines, and practices identified by the Council under section 1323(a)(1); and
(2)prioritizing supply chain risk assessments conducted under paragraph (1) based on the criticality of the mission, system, component, service, or asset.
(b)The responsibility for assessing supply chain risk described in subsection (a) includes—
(1)developing an overall supply chain risk management strategy and implementation plan and policies and processes to guide and govern supply chain risk management activities;
(2)integrating supply chain risk management practices throughout the life cycle of the system, component, service, or asset;
(3)limiting, avoiding, mitigating, accepting, or transferring any identified risk;
(4)sharing relevant information with other executive agencies as determined appropriate by the Council in a manner consistent with section 1323(a) of this title;
(5)reporting on progress and effectiveness of the agency’s supply chain risk management consistent with guidance issued by the Office of Management and Budget and the Council; and
(6)ensuring that all relevant information, including classified information, with respect to acquisitions of covered articles that may pose a supply chain risk, consistent with section 1323(a) of this title, is incorporated into existing processes of the agency for conducting assessments described in subsection (a) and ongoing management of acquisition programs, including any identification, investigation, mitigation, or remediation needs.
(c)(1)Except as provided in paragraph (2), in the case of an interagency acquisition, subsection (a) shall be carried out by the head of the executive agency whose funds are being used to procure the covered article.
(2)In an assisted acquisition, the parties to the acquisition shall determine, as part of the interagency agreement governing the acquisition, which agency is responsible for carrying out subsection (a).
(3)In this subsection, the terms “assisted acquisition” and “interagency acquisition” have the meanings given those terms in section 2.101 of title 48, Code of Federal Regulations (or any corresponding similar regulation or ruling).
(d)The Secretary of Homeland Security may—
(1)assist executive agencies in conducting risk assessments described in subsection (a) and implementing mitigation requirements for information and communications technology; and
(2)provide such additional guidance or tools as are necessary to support actions taken by executive agencies.

Legislative History

Notes & Related Subsidiaries

Statutory Notes and Related Subsidiaries

Effective Date

Section effective 90 days after Dec. 21, 2018, and applicable to contracts that are awarded before, on, or after that date, see section 202(c) of Pub. L. 115–390, set out as a note under section 1321 of this title. Title II of Pub. L. 115–390 effective 90 days after Dec. 21, 2018, see section 205 of Pub. L. 115–390, set out as a note under section 1321 of this title.

Reference

Citations & Metadata

Citation

41 U.S.C. § 1326

Title 41Public Contracts

Last Updated

Apr 6, 2026

Release point: 119-73