(a) In General.—The Council shall perform functions that include the following:

(1) Identifying and recommending development by the National Institute of Standards and Technology of supply chain risk management standards, guidelines, and practices for executive agencies to use when assessing and developing mitigation strategies to address supply chain risks, particularly in the acquisition and use of covered articles under section 1326(a) of this title.

(2) Identifying or developing criteria for sharing information with executive agencies, other Federal entities, and non-Federal entities with respect to supply chain risk, including information related to the exercise of authorities provided under this section and sections 1326 and 4713 of this title. At a minimum, such criteria shall address—

(A) the content to be shared;

(B) the circumstances under which sharing is mandated or voluntary; and

(C) the circumstances under which it is appropriate for an executive agency to rely on information made available through such sharing in exercising the responsibilities and authorities provided under this section and section 4713 of this title.

(3) Identifying an appropriate executive agency to—

(A) accept information submitted by executive agencies based on the criteria established under paragraph (2);

(B) facilitate the sharing of information received under subparagraph (A) to support supply chain risk analyses under section 1326 of this title, recommendations under this section, and covered procurement actions under section 4713 of this title;

(C) share with the Council information regarding covered procurement actions by executive agencies taken under section 4713 of this title; and

(D) inform the Council of orders issued under this section.

(4) Identifying, as appropriate, executive agencies to provide—

(A) shared services, such as support for making risk assessments, validation of products that may be suitable for acquisition, and mitigation activities; and

(B) common contract solutions to support supply chain risk management activities, such as subscription services or machine-learning-enhanced analysis applications to support informed decision making.

(5) Identifying and issuing guidance on additional steps that may be necessary to address supply chain risks arising in the course of executive agencies providing shared services, common contract solutions, acquisitions vehicles, or assisted acquisitions.

(6) Engaging with the private sector and other nongovernmental stakeholders in performing the functions described in paragraphs (1) and (2) and on issues relating to the management of supply chain risks posed by the acquisition of covered articles.

(7) Carrying out such other actions, as determined by the Council, that are necessary to reduce the supply chain risks posed by acquisitions and use of covered articles.

(b) Program Office and Committees.—The Council may establish a program office and any committees, working groups, or other constituent bodies the Council deems appropriate, in its sole and unreviewable discretion, to carry out its functions.

(c) Authority for Exclusion or Removal Orders.—

(1) Criteria.—To reduce supply chain risk, the Council shall establish criteria and procedures for—

(A) recommending orders applicable to executive agencies requiring the exclusion of sources or covered articles from executive agency procurement actions (in this section referred to as "exclusion orders");

(B) recommending orders applicable to executive agencies requiring the removal of covered articles from executive agency information systems (in this section referred to as "removal orders");

(C) requesting and approving exceptions to an issued exclusion or removal order when warranted by circumstances, including alternative mitigation actions or other findings relating to the national interest, including national security reviews, national security investigations, or national security agreements; and

(D) ensuring that recommended orders do not conflict with standards and guidelines issued under section 11331 of title 40 and that the Council consults with the Director of the National Institute of Standards and Technology regarding any recommended orders that would implement standards and guidelines developed by the National Institute of Standards and Technology.

(2) Recommendations.—The Council shall use the criteria established under paragraph (1), information made available under subsection (a)(3), and any other information the Council determines appropriate to issue recommendations, for application to executive agencies or any subset thereof, regarding the exclusion of sources or covered articles from any executive agency procurement action, including source selection and consent for a contractor to subcontract, or the removal of covered articles from executive agency information systems. Such recommendations shall include—

(A) information necessary to positively identify the sources or covered articles recommended for exclusion or removal;

(B) information regarding the scope and applicability of the recommended exclusion or removal order;

(C) a summary of any risk assessment reviewed or conducted in support of the recommended exclusion or removal order;

(D) a summary of the basis for the recommendation, including a discussion of less intrusive measures that were considered and why such measures were not reasonably available to reduce supply chain risk;

(E) a description of the actions necessary to implement the recommended exclusion or removal order; and

(F) where practicable, in the Council's sole and unreviewable discretion, a description of mitigation steps that could be taken by the source that may result in the Council rescinding a recommendation.

(3) Notice of recommendation and review.—A notice of the Council's recommendation under paragraph (2) shall be issued to any source named in the recommendation advising—

(A) that a recommendation has been made;

(B) of the criteria the Council relied upon under paragraph (1) and, to the extent consistent with national security and law enforcement interests, of information that forms the basis for the recommendation;

(C) that, within 30 days after receipt of notice, the source may submit information and argument in opposition to the recommendation;

(D) of the procedures governing the review and possible issuance of an exclusion or removal order pursuant to paragraph (5); and

(E) where practicable, in the Council's sole and unreviewable discretion, a description of mitigation steps that could be taken by the source that may result in the Council rescinding the recommendation.

(4) Confidentiality.—Any notice issued to a source under paragraph (3) shall be kept confidential until—

(A) an exclusion or removal order is issued pursuant to paragraph (5); and

(B) the source has been notified pursuant to paragraph (6).

(5) Exclusion and removal orders.—

(A) Order issuance.—Recommendations of the Council under paragraph (2), together with any information submitted by a source under paragraph (3) related to such a recommendation, shall be reviewed by the following officials, who may issue exclusion and removal orders based upon such recommendations:

(i) The Secretary of Homeland Security, for exclusion and removal orders applicable to civilian agencies, to the extent not covered by clause (ii) or (iii).

(ii) The Secretary of Defense, for exclusion and removal orders applicable to the Department of Defense and national security systems other than sensitive compartmented information systems.

(iii) The Director of National Intelligence, for exclusion and removal orders applicable to the intelligence community and sensitive compartmented information systems, to the extent not covered by clause (ii).

(B) Delegation.—The officials identified in subparagraph (A) may not delegate any authority under this subparagraph to an official below the level one level below the Deputy Secretary or Principal Deputy Director, except that the Secretary of Defense may delegate authority for removal orders to the Commander of the United States Cyber Command, who may not redelegate such authority to an official below the level one level below the Deputy Commander.

(C) Facilitation of exclusion orders.—If officials identified under this paragraph from the Department of Homeland Security, the Department of Defense, and the Office of the Director of National Intelligence issue orders collectively resulting in a governmentwide exclusion, the Administrator for General Services and officials at other executive agencies responsible for management of the Federal Supply Schedules, governmentwide acquisition contracts and multi-agency contracts shall help facilitate implementation of such orders by removing the covered articles or sources identified in the orders from such contracts.

(D) Review of exclusion and removal orders.—The officials identified under this paragraph shall review all exclusion and removal orders issued under subparagraph (A) not less frequently than annually pursuant to procedures established by the Council.

(E) Rescission.—Orders issued pursuant to subparagraph (A) may be rescinded by an authorized official from the relevant issuing agency.

(6) Notifications.—Upon issuance of an exclusion or removal order pursuant to paragraph (5)(A), the official identified under that paragraph who issued the order shall—

(A) notify any source named in the order of—

(i) the exclusion or removal order; and

(ii) to the extent consistent with national security and law enforcement interests, information that forms the basis for the order;

(B) provide classified or unclassified notice of the exclusion or removal order to the appropriate congressional committees and leadership; and

(C) provide the exclusion or removal order to the agency identified in subsection (a)(3).

(7) Compliance.—Executive agencies shall comply with exclusion and removal orders issued pursuant to paragraph (5).

(d) Authority To Request Information.—The Council may request such information from executive agencies as is necessary for the Council to carry out its functions.

(e) Relationship to Other Councils.—The Council shall consult and coordinate, as appropriate, with other relevant councils and interagency committees, including the Chief Information Officers Council, the Chief Acquisition Officers Council, the Federal Acquisition Regulatory Council, and the Committee on Foreign Investment in the United States, with respect to supply chain risks posed by the acquisition and use of covered articles.

(f) Rules of Construction.—Nothing in this section shall be construed—

(1) to limit the authority of the Office of Federal Procurement Policy to carry out the responsibilities of that Office under any other provision of law; or

(2) to authorize the issuance of an exclusion or removal order based solely on the fact of foreign ownership of a potential procurement source that is otherwise qualified to enter into procurement contracts with the Federal Government.

Effective Date

Section effective 90 days after Dec. 21, 2018, and applicable to contracts that are awarded before, on, or after that date, see section 202(c) of Pub. L. 115–390, set out as a note under section 1321 of this title.

Title II of Pub. L. 115–390 effective 90 days after Dec. 21, 2018, see section 205 of Pub. L. 115–390, set out as a note under section 1321 of this title.

