§3334e — Title 50 War and National Defense | U.S. Code

Summary

Leaders of intelligence agencies (not including parts of the Department of Defense) can block or exclude suppliers, add or enforce contract rules about supply-chain safety, and keep secret the reasons for those decisions when needed to protect national-security computer systems from tampering or sabotage. Key words: covered agency = an intelligence community element except the Department of Defense; covered item of supply = information-technology bought for a covered system where loss of integrity could create supply-chain risk; covered procurement = buying actions that involve supply-chain risk rules or evaluations; covered procurement action = steps like excluding a supplier, rejecting a low-rated bidder, or denying a subcontractor; covered system = a national security system; supply chain risk = the threat that an enemy could sabotage, add malicious functions, or otherwise corrupt a system so it can be spied on, denied, disrupted, or degraded. Before using this authority, the agency head must consult relevant procurement officials and the Director of National Intelligence, write a (possibly classified) finding that the action is needed to protect national security and that less intrusive steps aren’t available, notify the Director of National Intelligence (unless the Director made the decision), and give the congressional intelligence committees a (possibly classified) notice explaining the basis and less-intrusive options considered. The decision cannot be delegated below the agency’s service acquisition executive. This authority is in addition to other laws and took effect 180 days after January 3, 2012 for contracts awarded on or after that date.

Title 50, §3334e

War and National Defense — Source: USLM XML via OLRC

(a)In this section:

(1)The term “covered agency” means any element of the intelligence community other than an element within the Department of Defense.

(2)The term “covered item of supply” means an item of information technology (as that term is defined in section 11101 of title 40) that is purchased for inclusion in a covered system, and the loss of integrity of which could result in a supply chain risk for a covered system.

(3)The term “covered procurement” means—

(A)a source selection for a covered system or a covered item of supply involving either a performance specification, as provided in section 3306(a)(3)(B) of title 41, or an evaluation factor, as provided in section 3306(b)(1) of such title, relating to supply chain risk;

(B)the consideration of proposals for and issuance of a task or delivery order for a covered system or a covered item of supply, as provided in section 4106(d)(3) of title 41, where the task or delivery order contract concerned includes a contract clause establishing a requirement relating to supply chain risk; or

(C)any contract action involving a contract for a covered system or a covered item of supply where such contract includes a clause establishing requirements relating to supply chain risk.

(4)The term “covered procurement action” means any of the following actions, if the action takes place in the course of conducting a covered procurement:

(A)The exclusion of a source that fails to meet qualifications standards established in accordance with the requirements of section 3311 of title 41 for the purpose of reducing supply chain risk in the acquisition of covered systems.

(B)The exclusion of a source that fails to achieve an acceptable rating with regard to an evaluation factor providing for the consideration of supply chain risk in the evaluation of proposals for the award of a contract or the issuance of a task or delivery order.

(C)The decision to withhold consent for a contractor to subcontract with a particular source or to direct a contractor for a covered system to exclude a particular source from consideration for a subcontract under the contract.

(5)The term “covered system” means a national security system, as that term is defined in section 3552 of title 44.

(6)The term “supply chain risk” means the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system.

(b)Subject to subsection (c) and in consultation with the Director of National Intelligence, the head of a covered agency may, in conducting intelligence and intelligence-related activities—

(1)carry out a covered procurement action; and

(2)limit, notwithstanding any other provision of law, in whole or in part, the disclosure of information relating to the basis for carrying out a covered procurement action.

(c)The head of a covered agency may exercise the authority provided in subsection (b) only after—

(1)any appropriate consultation with procurement or other relevant officials of the covered agency;

(2)making a determination in writing, which may be in classified form, that—

(A)use of the authority in subsection (b)(1) is necessary to protect national security by reducing supply chain risk;

(B)less intrusive measures are not reasonably available to reduce such supply chain risk; and

(C)in a case where the head of the covered agency plans to limit disclosure of information under subsection (b)(2), the risk to national security due to the disclosure of such information outweighs the risk due to not disclosing such information;

(3)notifying the Director of National Intelligence that there is a significant supply chain risk to the covered system concerned, unless the head of the covered agency making the determination is the Director of National Intelligence; and

(4)providing a notice, which may be in classified form, of the determination made under paragraph (2) to the congressional intelligence committees that includes a summary of the basis for the determination, including a discussion of less intrusive measures that were considered and why they were not reasonably available to reduce supply chain risk.

(d)The head of a covered agency may not delegate the authority provided in subsection (b) or the responsibility to make a determination under subsection (c) to an official below the level of the service acquisition executive for the agency concerned.

(e)The authority under this section is in addition to any other authority under any other provision of law. The authority under this section shall not be construed to alter or effect the exercise of any other provision of law.

(f)The requirements of this section shall take effect on the date that is 180 days after January 3, 2012, and shall apply to contracts that are awarded on or after such date.

Notes & Related Subsidiaries

Editorial Notes

Codification Section was formerly set out as a note under section 3329 of this title.

Amendments

2022—Subsec. (a)(5). Pub. L. 117–263 substituted “section 3552” for “section 3542(b)”. 2019—Subsec. (g). Pub. L. 116–92 struck out subsec. (g). Prior to amendment, text read as follows: “The authority provided in this section shall expire on the date that section 806 of the Ike Skelton National Defense Authorization Act for Fiscal Year 2011 (Public Law 111–383; 10 U.S.C. 2304 note) expires.”

Statutory Notes and Related Subsidiaries

Definitions For definitions of “intelligence community” and “congressional intelligence committees”, referred to in text, see section 2 of Pub. L. 112–87, set out as a note under section 3003 of this title.

§3334e Enhanced Procurement Authority to Manage Supply Chain Risk