10 U.S. Code § 2339a - Requirements for information relating to supply chain risk
(a) Authority.—Subject to subsection (b), the head of a covered agency may—
carry out a covered procurement action; and
limit, notwithstanding any other provision of law, in whole or in part, the disclosure of information relating to the basis for carrying out a covered procurement action.
(b) Determination and Notification.—The head of a covered agency may exercise the authority provided in subsection (a) only after—
obtaining a joint recommendation by the Under Secretary of Defense for Acquisition and Sustainment and the Chief Information Officer of the Department of Defense, on the basis of a risk assessment by the Under Secretary of Defense for Intelligence, that there is a significant supply chain risk to a covered system;
(2) making a determination in writing, in unclassified or classified form, with the concurrence of the Under Secretary of Defense for Acquisition and Sustainment, that—
use of the authority in subsection (a)(1) is necessary to protect national security by reducing supply chain risk;
less intrusive measures are not reasonably available to reduce such supply chain risk; and
(3) providing a classified or unclassified notice of the determination made under paragraph (2) to the appropriate congressional committees, which notice shall include—
the information required by section 2304(f)(3) of this title;
the joint recommendation by the Under Secretary of Defense for Acquisition and Sustainment and the Chief Information Officer of the Department of Defense as specified in paragraph (1);
a summary of the risk assessment by the Under Secretary of Defense for Intelligence 1 that serves as the basis for the joint recommendation specified in paragraph (1); and
a summary of the basis for the determination, including a discussion of less intrusive measures that were considered and why they were not reasonably available to reduce supply chain risk.
The head of a covered agency may not delegate the authority provided in subsection (a) or the responsibility to make a determination under subsection (b) to an official below the level of the service acquisition executive for the agency concerned.
(d) Limitation on Disclosure.—If the head of a covered agency has exercised the authority provided in subsection (a)(2) to limit disclosure of information—
no action undertaken by the agency head under such authority shall be subject to review in a bid protest before the Government Accountability Office or in any Federal court; and
(2) the agency head shall—
notify other Department of Defense components or other Federal agencies responsible for procurements that may be subject to the same or similar supply chain risk, in a manner and to the extent consistent with the requirements of national security; and
(e) Definitions.—In this section:
(1) Head of a covered agency.—The term “head of a covered agency” means each of the following:
(2) Covered procurement action.—The term “covered procurement action” means any of the following actions, if the action takes place in the course of conducting a covered procurement:
The exclusion of a source that fails to achieve an acceptable rating with regard to an evaluation factor providing for the consideration of supply chain risk in the evaluation of proposals for the award of a contract or the issuance of a task or delivery order.
The decision to withhold consent for a contractor to subcontract with a particular source or to direct a contractor for a covered system to exclude a particular source from consideration for a subcontract under the contract.
(3) Covered procurement.—The term “covered procurement” means—
the consideration of proposals for and issuance of a task or delivery order for a covered system or a covered item of supply, as provided in section 2304c(d)(3) of this title, where the task or delivery order contract concerned includes a contract clause establishing a requirement relating to supply chain risk; or
(4) Supply chain risk.—
The term “supply chain risk” means the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system.
(5) Covered system.—
(6) Covered item of supply.—
(7) Appropriate congressional committees.—The term “appropriate congressional committees” means—
in the case of a covered system included in the National Intelligence Program or the Military Intelligence Program, the Select Committee on Intelligence of the Senate, the Permanent Select Committee on Intelligence of the House of Representatives, and the congressional defense committees; and
in the case of a covered system not otherwise included in subparagraph (A), the congressional defense committees.
 See Change of Name note below.
2019—Subsec. (e)(5). Pub. L. 116–92 substituted “section 3552(b)(6)” for “section 3542(b)”.