10 U.S. Code § 4128 - Laboratory Quality Enhancement Program [and] Joint Federated Assurance Center

§ 4128.[1] Laboratory Quality Enhancement Program

(a) Program Required.—

(1) The Secretary of Defense, acting through the Under Secretary of Defense for Research and Engineering, shall carry out a program under which the Secretary shall establish the panels described in subsection (b) and direct such panels—

(A) to review and make recommendations to the Secretary with respect to—

(i) existing policies and practices affecting the science and technology reinvention laboratories to improve the mission effectiveness of such laboratories;

(ii) new initiatives proposed by the science and technology reinvention laboratories; and

(iii) new interpretations of existing provisions of law that would enhance the ability of a director of a science and technology reinvention laboratory to manage the laboratory and discharge the mission of the laboratory;

(B) to support implementation of current and future initiatives affecting the science and technology reinvention laboratories; and

(C) to conduct assessments or data analysis on the effectiveness of the authorities granted to the science and technology reinvention laboratories and such other issues as the Secretary determines to be appropriate.

(2) The program carried out pursuant to paragraph (1) shall be known as the “Laboratory Quality Enhancement Program”.

(b) Panels.—

The panels described in this subsection are the following:

(1) A panel on personnel, workforce development, and talent management.

(2) A panel on facilities, equipment, and infrastructure.

(3) A panel on research strategy, technology transfer, and industry and university partnerships.

(4) A panel on governance and oversight processes.

(c) Composition of Panels.—

(1) Each panel described in paragraphs (1) through (3) of subsection (b) may be composed of subject matter and technical management experts from—

(A) laboratories and research centers of the Army, Navy, and Air Force;

(B) appropriate Defense Agencies;

(C) the Office of the Under Secretary of Defense for Research and Engineering; and

(D) such other entities as the Secretary determines to be appropriate.

(2) The panel described in subsection (b)(4) shall be composed of—

(A) at least one member from each of the science and technology reinvention laboratories; and

(B) such other members as the Secretary determines to be appropriate.

(d) Governance of Panels.—

(1) The chairperson of each panel established pursuant to subsection (a) shall be selected by the members of the respective panel.

(2) Each panel, in coordination with the Under Secretary of Defense for Research and Engineering, shall transmit to the Science and Technology Executive Committee of the Department of Defense such information or findings on topics requiring decision or approval as the panel considers appropriate.

(e) Interpretation of Provisions of Law.—

(1) The Under Secretary of Defense for Research and Engineering, acting under the guidance of the Secretary, shall issue regulations regarding the meaning, scope, implementation, and applicability of any provision of a statute relating to a science and technology reinvention laboratory.

(2) In interpreting or defining under paragraph (1), the Under Secretary shall, to the degree practicable, emphasize providing the maximum operational flexibility to the directors of the science and technology reinvention laboratories to discharge the missions of their laboratories.

(3) In interpreting or defining under paragraph (1), the Under Secretary shall, to the extent practicable, consult and coordinate with the secretaries of the military departments and such other agencies or entities as the Under Secretary considers relevant on any proposed revision to regulations under paragraph (1).

(4) In interpreting or defining under paragraph (1), the Under Secretary shall seek recommendations from the panel described in subsection (b)(4).

(f) Science and Technology Reinvention Laboratory Defined.—

In this section, the term “science and technology reinvention laboratory” means a Department of Defense laboratory designated as a Department of Defense science and technology reinvention laboratory under section 4121 of this title.

(Added Pub. L. 118–159, div. A, title II, § 217(a), Dec. 23, 2024, 138 Stat. 1825.)

§ 4128.[1] Joint Federated Assurance Center

(a) Establishment.—

There is in the Office of the Under Secretary of Defense for Research and Engineering a Joint Federated Assurance Center (referred to in this section as the “Center”).

(b) Purpose.—

The purpose of the Center shall be to serve as a joint, Department-wide federation of organizations and capabilities to support the assurance needs of the Department of Defense by ensuring, pursuant to policies related to hardware and software assurance and supply chain risk management, that the software and hardware developed, acquired, maintained, and used by the Department are free from intentional and unintentional vulnerability during the life-cycle of development and deployment of assured, trustworthy defense systems.

(c) Governance.—

(1) The Center shall be governed by an Executive Steering Group. The Executive Steering Group shall continually evaluate the Center’s capabilities to support the hardware and software assurance needs of the Department.

(2) The Executive Steering Group shall be composed of one or more representatives from each of the organizations that comprise the Center.

(3) The Under Secretary of Defense for Research and Engineering and the Under Secretary of Defense for Acquisition and Sustainment shall serve as co-Chairpersons of the Executive Steering Group.

(d) Duties.—

The duties of the Center are as follows:

(1) Providing knowledge management capabilities for hardware and software assurance for the Department.

(2) Providing Department-wide visibility on strategy, use cases, procurement, investment, and other relevant activities to aggregate, to the extent practicable, assurance tool purchases by the Department.

(3) Developing and standardizing policies, procedures, competencies, risk assessment methodologies, and independent validation and verification test capabilities—

(A) to support timely and cost-effective fielding of current and future technologies to the Department;

(B) to ensure sustainment of enduring capability needs across the life-cycle of Department of Defense programs and determine the sustainment factors related to the assurance of future hardware and software systems;

(C) to increase efficiencies across Department of Defense programs through the use of emerging assurance technologies; and

(D) to leverage economies of scale through coordinated acquisition and use of hardware and software assurance technologies.

(4) Promoting assurance capabilities for hardware and software assurance—

(A) to mature assessment criteria and enable scalable deployment of commercial best practices, such as through the fostering and maturation of evidence-based assurance of trusted defense microelectronics system needs, with emphasis on commercial security protocols that are transferable to defense applications;

(B) to scale the Center for Department-wide access, through the resourcing of adequate personnel to address standardization and automation of data collection and analysis;

(C) to utilize data from commercial assurance processes to support the development of Department hardware and software that meet standards, applications, and requirements, including through comparative analysis and data modeling;

(D) to seek and apply commercial best practices, where practicable, through industry collaboration; and

(E) to develop and align Department policy, investments, and activities with commercial best practices, to the extent practicable.

(5) For contracts for application-specific integrated circuits designed by defense industrial base contractors, develop guidance for—

(A) the consideration of evidence-based assurance processes and techniques that are included in the contract data requirements list, to the extent practicable;

(B) the use of commercial best practices, as applicable, for confidentiality, integrity and availability; and

(C) the development of a library of certified third-party intellectual property for reuse, including streamlining legal mechanisms for data collection and sharing, and enhanced use of automation technology to achieve efficiency.

(6) The assessment, creation, prototyping, maturation, and maintenance of relevant assurance practices, including the validation and maturation of evidence based assurance methods, for the development, procurement, and deployment of hardware and software assurance tools and processes, including—

(A) development and assessment of validation methods for such processes and techniques, in coordination with the developmental and operational test and evaluation community, as the Executive Steering Group determines necessary;

(B) development and assessment of threat models that comprehensively characterize the threat to microelectronics confidentiality, integrity, and availability across the entire supply chain, and the design, production, packaging, and deployment cycle to support risk management and risk mitigation; and

(C) support development of guides to inform use and decision-making by program evaluators, program offices, and industry to meet software and hardware assurance requirements.

(e) Revised Charter.—

Not later than 180 days after the date of the enactment of this section, the Secretary of Defense shall issue a revised charter for the Center. The charter shall set forth—

(1) the role and authorities of the Center and the Executive Steering Group;

(2) the requirement of the Center to establish guidelines for the development of improved software code vulnerability analysis and testing tools;

(3) the requirement of the Center to establish guidelines for the development of improved hardware vulnerability testing and protection tools; and

(4) the manner in which the Center will connect to the Department’s major governance and resourcing processes to ensure the continuation of Center duties.

(Added Pub. L. 118–159, div. A, title IX, § 922(a), Dec. 23, 2024, 138 Stat. 2037.)

---

[1]  Another section 4128 is set out after this section.

Editorial Notes

Prior Provisions

Provisions similar to those in this section were contained in Pub. L. 114–328, div. A, title II, § 211, Dec. 23, 2016, 130 Stat. 2046, as amended by Pub. L. 115–91, div. A, title II, § 218(a), (b)(1), Dec. 12, 2017, 131 Stat. 1329, 1330; Pub. L. 117–81, div. A, title II, § 215(d)(6), Dec. 27, 2021, 135 Stat. 1594, which was set out in a note preceding section 4121 of this title, prior to repeal by Pub. L. 118–159, div. A, title II, § 217(b), Dec. 23, 2024, 138 Stat. 1827.

---

[1]  Another section 4128 is set out preceding this section.

Editorial Notes

References in Text

The date of the enactment of this section, referred to in subsec. (e), is the date of enactment of Pub. L. 118–159, which was approved Dec. 23, 2024.

Prior Provisions

Provisions requiring the establishment of a joint federation of capabilities to support the trusted defense system needs of the Department were contained in Pub. L. 113–66, div. A, title IX, § 937, Dec. 26, 2013, 127 Stat. 834, as amended by Pub. L. 114–92, div. A, title II, § 231, Nov. 25, 2015, 129 Stat. 778, which was set out in a note under section 2224 of this title, prior to repeal by Pub. L. 118–159, div. A, title IX, § 922(c), Dec. 23, 2024, 138 Stat. 2039.