Editorial Notes

References in Text

Executive Order 12829, referred to in subsec. (b), is set out as a note under section 3161 of Title 50, War and National Defense.

Amendments

2017—Subsec. (f). Pub. L. 115–91 struck out subsec. (f) which related to biennial reports on expenditures and activities of the Department of Defense in carrying out the requirements of this section.

2011—Subsec. (f). Pub. L. 111–383 struck out ", United States Code," after "title 31".

2009—Pub. L. 111–84 renumbered section 438 of this title as this section.

Statutory Notes and Related Subsidiaries

Establishment of Pilot Program for Access to Shared Classified Commercial Infrastructure

Pub. L. 118–159, div. A, title VIII, §874, Dec. 23, 2024, 138 Stat. 2012, provided that:

"(a) Pilot Program Required.—Not later than 180 days after the date of the enactment of this Act [Dec. 23, 2024], the Secretary of Defense shall establish a pilot program on streamlining access for small business concerns and institutions of higher learning to shared classified commercial infrastructure—

"(1) to expand access to secret or collateral accredited facilities and sensitive compartmented information facilities and special access program facilities to securely perform work under existing classified contracts;

"(2) to reduce the cost and administrative requirements for a facility to receive and maintain accreditation and certification as an accredited facility;

"(3) to increase opportunities for small business concerns and institutions of higher learning to have access to and compete for classified contracts; and

"(4) to identify policy barriers that prevent components of the Department of Defense from more broadly using shared classified commercial infrastructure and prototyping proposed solutions.

"(b) Designation of Principal Civilian Official.—

"(1) In general.—The Secretary shall designate an existing civilian official of the Department of Defense who shall be responsible for the administration of the pilot program established under subsection (a).

"(2) Responsibilities.—The responsibilities of the civilian official designated under paragraph (1) shall include the following:

"(A) To seek to enter into a contact or other agreement with one or more private entities—

"(i) for access for contractors and components of the Department of Defense to shared classified commercial infrastructure; and

"(ii) to facilitate the use of such infrastructure by covered small business concerns and institutions of higher learning.

"(B) In consultation with the Office of the Director of National Intelligence, to coordinate with the Director of the Defense Counterintelligence and Security Agency, the Director of the Defense Intelligence Agency, and the Director of the Defense Information Systems Agency to update or prescribe policies and regulations governing the process and timelines pertaining to how shared commercial classified infrastructure may obtain relevant facility authorizations and access to secure information technology networks from the Department of Defense.

"(C) To make recommendations to the Secretary of Defense regarding the modernization, streamlining, and acceleration of the approval process of the Department of Defense for contacts, subcontracts, and co-use or joint use agreements for shared classified commercial infrastructure.

"(D) The development and maintenance of metrics tracking the outcomes of each request made under the pilot program for the accreditation of shared commercial classified infrastructure as an accredited facility.

"(c) Requirements.—

"(1) Policies and regulations.—As part of the pilot program established under subsection (a), the Director of the Defense Counterintelligence and Security Agency, the Director of the Defense Intelligence Agency, and the Director of the Defense Information Systems Agency shall each update or prescribe policies and regulations governing the processes and timelines pertaining to how shared commercial classified infrastructure may obtain relevant facility sponsorship, associated authorizations and accreditation, and access to relevant secure information technology networks from the Department of Defense.

"(2) Modernization, streamlining, and acceleration.—The Secretary of Defense shall ensure that the pilot program established under subsection (a) includes efforts to modernize, streamline, and accelerate the approval process of the Department of Defense for shared, co-use, and joint use agreements to facilitate the access of small business concerns and institutions of higher learning performing under contracts or other agreements with the Department to classified environments.

"(d) Reports.—

"(1) In general.—The Secretary of Defense shall submit to the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives], Permanent Select Committee on Intelligence of the House of Representatives and the Select Committee on Intelligence of the Senate, a report on the pilot program established under subsection (a)—

"(A) after the establishment of such pilot program, but not later than two years after the establishment of such pilot program; and

"(B) after the termination of such pilot program pursuant to subsection (e), but not later than 120 days after such termination.

"(2) Contents.—Each report submitted pursuant to paragraph (1) shall include the following:

"(A) A list of each request made under the pilot program for the accreditation of a facility as an accredited facility, including the date on which the request was made to the civilian official designated under subsection (b) and to the relevant facility accreditation agency.

"(B) A list of the total number of personnel authorized to conduct inspections under the pilot program for the accreditation and certification of facilities as accredited facilities.

"(C) Actions taken by the civilian official designated under subsection (b) to streamline the process of the Department of Defense for approval of co-use and joint use agreements to facilitate the access of small business concerns and institutions of higher learning performing under contracts or other agreements with the Department to classified environments, including any updated or new policies or guidance issued as a result of the pilot program.

"(D) A list of all unutilized and currently accredited sensitive compartmented information facilities owned and operated by the Department of Defense that are located within 25 miles of a facility described in subsection (a)(1).

"(E) A list of the metrics or other measures used by the Department of Defense to assess the benefits to the Department from the pilot program established under subsection (a), and any other metrics the Secretary of Defense deems appropriate.

"(e) Termination.—The authority to carry out the pilot program required by subsection (a) and the requirements of this section shall terminate on September 30, 2030.

"(f) Definitions.—In this section:

"(1) The term 'institution of higher learning' has the meaning given such term in section 3452(f) of title 38, United States Code.

"(2) The term 'shared commercial classified infrastructure' means fully managed, shared, classified infrastructure (including physical facilities), and associated services that are operated by a private third-party for the benefit of appropriately cleared government and contractor personnel who have limited or constrained access to secret collateral and sensitive compartmented information facilities.

"(3) The term 'small business concern' has the meaning given such term under section 3 of the Small Business Act (15 U.S.C. 632)."

Pilot Program for Department of Defense Controlled Unclassified Information in the Hands of Industry

Pub. L. 115–232, div. A, title X, §1048, Aug. 13, 2018, 132 Stat. 1961, provided that:

"(a) In General.—The Secretary of Defense—

"(1) shall establish and implement a pilot program for oversight of designated Department of Defense controlled unclassified information in the hands of defense contractors with foreign ownership, control, or influence concerns; and

"(2) may designate an entity within the Department to be responsible for the pilot program under paragraph (1).

"(b) Program Requirements.—The pilot program under subsection (a) shall have the following elements:

"(1) The use of a capability to rapidly identify companies subject to foreign ownership, control, or influence that are processing designated controlled unclassified information, including unclassified controlled technical information.

"(2) The use, in consultation with the Chief of Information Officer of the Department, of a capability or means for assessing industry compliance with Department cybersecurity standards.

"(3) A means of demonstrating whether and under what conditions the risk to national security posed by access to Department controlled unclassified information, including unclassified controlled technical information, by a company under foreign ownership, control, or influence company can be mitigated and how such mitigation could be enforced.

"(c) Briefing Required.—By not later than 30 days after the completion of the pilot program under this section, but in no case later than December 1, 2019, the Secretary shall provide to the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives] a briefing on the results of the pilot program and any decisions about whether to implement the pilot program on a Department-wide basis."

Requirements Relating to Multi-Use Sensitive Compartmented Information Facilities

Pub. L. 115–91, div. A, title XVI, §1628, Dec. 12, 2017, 131 Stat. 1735, provided that:

"(a) In General.—In order to facilitate access for small business concerns and nontraditional defense contractors to affordable secure spaces, the Secretary of Defense, in consultation with the Director of National Intelligence, shall develop processes and procedures necessary to build, certify, and maintain certifications for multi-use sensitive compartmented information facilities not tied to a single contract and where multiple companies can securely work on multiple projects at different security levels.

"(b) Definitions.—In this section:

"(1) The term 'small business concern' has the meaning given that term under section 3 of the Small Business Act (15 U.S.C. 632).

"(2) The term 'nontraditional defense contractors' has the meaning given that term in section 2302 of title 10, United States Code [now 10 U.S.C. 3014]."

Requirement for Entities With Facility Clearances That Are Not Under Foreign Ownership Control or Influence Mitigation

Pub. L. 111–383, div. A, title VIII, §845, Jan. 7, 2011, 124 Stat. 4285, provided that:

"(a) Requirement.—The Secretary of Defense shall develop a plan to ensure that covered entities employ and maintain policies and procedures that meet requirements under the national industrial security program. In developing the plan, the Secretary shall consider whether or not covered entities, or any category of covered entities, should be required to establish government security committees similar to those required for companies that are subject to foreign ownership control or influence mitigation measures.

"(b) Covered Entity.—A covered entity under this section is an entity—

"(1) to which the Department of Defense has granted a facility clearance; and

"(2) that is not subject to foreign ownership control or influence mitigation measures.

"(c) Guidance.—The Secretary of Defense shall issue guidance, including appropriate compliance mechanisms, to implement the requirement in subsection (a). To the extent determined appropriate by the Secretary, the guidance shall require covered entities, or any category of covered entities, to establish government security committees similar to those required for companies that are subject to foreign ownership control or influence mitigation measures.

"(d) Report.—Not later than 270 days after the date of the enactment of this Act [Jan. 7, 2011], the Secretary shall submit to the Committees on Armed Services of the Senate and the House of Representatives a report on the plan developed pursuant to subsection (a) and the guidance issued pursuant to subsection (c). The report shall specifically address the rationale for the Secretary's decision on whether or not to require covered entities, or any category of covered entities, to establish government security committees similar to those required for companies that are subject to foreign ownership control or influence mitigation measures."

Submission of First Biennial Report

Pub. L. 110–417, [div. A], title VIII, §845(b), Oct. 14, 2008, 122 Stat. 4542, required the first biennial report under former subsec. (f) of this section to be submitted no later than Sept. 1, 2009.