PRIA Logo
Title 41Public ContractsRelease 119-73not60

§1326 Requirements for Executive Agencies

Title 41 › Subtitle Subtitle I— Federal Procurement Policy › Chapter 13— ACQUISITION COUNCILS › Subchapter III— FEDERAL ACQUISITION SUPPLY CHAIN SECURITY › § 1326

Last updated Apr 5, 2026|Official source

Summary

Heads of executive agencies must check how buying and using covered articles could create supply chain risks and then avoid, reduce, accept, or transfer those risks under the standards set by the Council in section 1323(a)(1). They must do these checks first for the most critical missions, systems, components, services, or assets. They must also make a risk-management plan, use risk controls throughout the life of a system or product, fix or lessen problems found, share relevant information with other agencies as the Council allows, and report progress under guidance from the Office of Management and Budget and the Council. All relevant information, including classified material about covered articles, must be included in existing acquisition and program reviews. For interagency purchases, the agency providing the funds must do the assessment unless an assisted acquisition agreement says otherwise. The terms "assisted acquisition" and "interagency acquisition" mean what 48 CFR 2.101 says. The Secretary of Homeland Security may help agencies with risk checks and give extra guidance and tools for information and communications technology.

Full Legal Text

Title 41, §1326

Public Contracts — Source: USLM XML via OLRC

(a)The head of each executive agency shall be responsible for—
(1)assessing the supply chain risk posed by the acquisition and use of covered articles and avoiding, mitigating, accepting, or transferring that risk, as appropriate and consistent with the standards, guidelines, and practices identified by the Council under section 1323(a)(1); and
(2)prioritizing supply chain risk assessments conducted under paragraph (1) based on the criticality of the mission, system, component, service, or asset.
(b)The responsibility for assessing supply chain risk described in subsection (a) includes—
(1)developing an overall supply chain risk management strategy and implementation plan and policies and processes to guide and govern supply chain risk management activities;
(2)integrating supply chain risk management practices throughout the life cycle of the system, component, service, or asset;
(3)limiting, avoiding, mitigating, accepting, or transferring any identified risk;
(4)sharing relevant information with other executive agencies as determined appropriate by the Council in a manner consistent with section 1323(a) of this title;
(5)reporting on progress and effectiveness of the agency’s supply chain risk management consistent with guidance issued by the Office of Management and Budget and the Council; and
(6)ensuring that all relevant information, including classified information, with respect to acquisitions of covered articles that may pose a supply chain risk, consistent with section 1323(a) of this title, is incorporated into existing processes of the agency for conducting assessments described in subsection (a) and ongoing management of acquisition programs, including any identification, investigation, mitigation, or remediation needs.
(c)(1)Except as provided in paragraph (2), in the case of an interagency acquisition, subsection (a) shall be carried out by the head of the executive agency whose funds are being used to procure the covered article.
(2)In an assisted acquisition, the parties to the acquisition shall determine, as part of the interagency agreement governing the acquisition, which agency is responsible for carrying out subsection (a).
(3)In this subsection, the terms “assisted acquisition” and “interagency acquisition” have the meanings given those terms in section 2.101 of title 48, Code of Federal Regulations (or any corresponding similar regulation or ruling).
(d)The Secretary of Homeland Security may—
(1)assist executive agencies in conducting risk assessments described in subsection (a) and implementing mitigation requirements for information and communications technology; and
(2)provide such additional guidance or tools as are necessary to support actions taken by executive agencies.

Legislative History

Notes & Related Subsidiaries

Statutory Notes and Related Subsidiaries

Effective Date

Section effective 90 days after Dec. 21, 2018, and applicable to contracts that are awarded before, on, or after that date, see section 202(c) of Pub. L. 115–390, set out as a note under section 1321 of this title. Title II of Pub. L. 115–390 effective 90 days after Dec. 21, 2018, see section 205 of Pub. L. 115–390, set out as a note under section 1321 of this title.

Reference

Citations & Metadata

Citation

41 U.S.C. § 1326

Title 41Public Contracts

Last Updated

Apr 5, 2026

Release point: 119-73not60