10 U.S.C. § 4819

Current through P.L. 118-106 (published on www.congress.gov on 10/04/2024)
Section 4819 - Modernization of acquisition processes to ensure integrity of industrial base
(a) DIGITIZATION AND MODERNIZATION.-The Secretary of Defense shall streamline and digitize the Department of Defense approach for identifying and mitigating risks to the defense industrial base.
(b) OBJECTIVE.-The objective of subsection (a) shall be to employ digital tools, technologies, and approaches to ensure the accessibility of relevant defense industrial base data to key decision-makers in the Department.
(c) ANALYTICAL FRAMEWORK.-
(1) The Under Secretary of Defense for Acquisition and Sustainment, in coordination with the Director of the Defense Counterintelligence and Security Agency and the heads of other elements of the Department of Defense as appropriate, shall develop an analytical framework for risk mitigation across the acquisition process in implementing subsections (a) and (b).
(2) The analytical framework required under paragraph (1) shall include the following elements:
(A) Characterization and monitoring of supply chain risks, such as those identified through the supply chain risk management process of the Department and by the Federal Acquisition Security Council, and including-
(i) material sources and fragility, including the extent to which sources, items, materials, and articles are mined, produced, or manufactured within or outside the United States;
(ii) telecommunications services or equipment;
(iii) counterfeit parts;
(iv) cybersecurity of contractors;
(v) video surveillance services or equipment;
(vi) vendor vetting in contingency or operational environments;
(vii) other electronic or information technology products and services; and
(viii) other risk areas as determined appropriate by the Secretary of Defense.
(B) Characterization and monitoring of risks posed by contractor behavior that constitutes or may constitute violations of laws or regulations, including those relating to-
(i) fraud;
(ii) ownership structures;
(iii) trafficking in persons;
(iv) workers' health and safety;
(v) affiliation with the enemy;
(vi) foreign influence; and
(vii) other risk areas as deemed appropriate by the Secretary of Defense.
(C) Characterization and assessment of the acquisition processes and procedures of the Department of Defense, including-
(i) market research;
(ii) responsibility determinations, including consideration of the need for special standards of responsibility to address the risks described in subparagraphs (A) and (B);
(iii) facilities clearances;
(iv) the development of contract requirements;
(v) the technical evaluation of offers and contract awards;
(vi) contractor mobilization, including hiring, training, and establishing facilities;
(vii) contract administration, contract management, and oversight;
(viii) contract audit for closeout;
(ix) suspension and debarment activities and administrative appeals activities;
(x) contractor business system reviews;
(xi) processes and procedures related to supply chain risk management and processes and procedures implemented pursuant to section 3252 of this title; and
(xii) other relevant processes and procedures.
(D) Characterization and monitoring of the health and activities of the defense industrial base, including those relating to-
(i) balance sheets, revenues, profitability, and debt;
(ii) investment, innovation, and technological and manufacturing sophistication;
(iii) finances, access to capital markets, and cost of raising capital within those markets;
(iv) corporate governance, leadership, and culture of performance; and
(v) history of performance on past Department of Defense and government contracts.
(E) Characterization and assessment of industrial base support policies, programs, and procedures, including-
(i) limitations and acquisition guidance relevant to the national technology and industrial base;
(ii) limitations and acquisition guidance relevant to section 4862 of this title;
(iii) the Industrial Base Analysis and Sustainment program of the Department, including direct support and common design activities;
(iv) the Small Business Innovation Research Program (as defined in section 9(e) of the Small Business Act (15 U.S.C. 638(e));
(v) the Manufacturing Technology Program established under sections 4841 and 4842 of this title;
(vi) programs relating to the Defense Production Act of 1950 (50 U.S.C. 45111 et seq.); and
(vii) programs operating in each military department.
(d) ROLES AND RESPONSIBILITIES.-The Secretary of Defense shall designate the roles and responsibilities of organizations and individuals to execute activities under this section, including-
(1) the Under Secretary of Defense for Acquisition and Sustainment, including the Office of Defense Pricing and Contracting and the Office of Industrial Policy;
(2) service acquisition executives;
(3) program offices and procuring contracting officers;
(4) administrative contracting officers within the Defense Contract Management Agency and the Supervisor of Shipbuilding;
(5) the Defense Counterintelligence and Security Agency;
(6) the Defense Contract Audit Agency;
(7) each element of the Department of Defense which own or operate systems containing data relevant to contractors of the Department;
(8) the Under Secretary of Defense for Research and Engineering;
(9) the suspension and debarment official of the Department;
(10) the Chief Information Officer; and
(11) other relevant organizations and individuals as deemed appropriate by the Secretary.
(e) ENABLING DATA, TOOLS, AND SYSTEMS.-
(1)
(A) The Under Secretary of Defense for Acquisition and Sustainment, in consultation with the Chief Data Officer of the Department of Defense and the Director of the Defense Counterintelligence and Security Agency, shall assess the extent to which existing systems of record relevant to risk assessments and contracting are producing, exposing, and maintaining valid and reliable data for the purposes of the Department's continuous assessment and mitigation of risks in the defense industrial base.
(B) The assessment required under subparagraph (A) shall include the following elements:
(i) Identification of the necessary source data, to include data from contractors, intelligence and security activities, program offices, and commercial research entities.
(ii) A description of modern data infrastructure, tools, and applications and an assessment of the extent to which new capabilities would improve the effectiveness and efficiency of mitigating the risks described in subsection (c)(2).
(iii) An assessment of the following systems owned or operated outside of the Department of Defense that the Department depends upon or to which it provides data, including the following:
(I) The Federal Awardee Performance and Integrity Information System (FAPIIS).
(II) The System for Award Management (SAM).
(III) The Federal Procurement Data System-Next Generation (FPDS-NG).
(IV) The Electronic Data Management Information System.
(V) Other systems the Secretary of Defense determines appropriate.
(iv) An assessment of systems owned or operated by the Department of Defense, including the Defense Counterintelligence and Security Agency and other defense agencies and field activities used to capture and analyze the status and performance (including past performance) of vendors and contractors.
(2)
(A) Based on the findings pursuant to paragraph (1), the Secretary of Defense shall develop a unified set of activities to modernize the systems of record, data sources and collection methods, and data exposure mechanisms. The unified set of activities should include-
(i) the ability to continuously collect data on, assess, and mitigate risks;
(ii) data analytics and business intelligence tools and methods; and
(iii) continuous development and continuous delivery of secure software to implement the activities.
(B) In connection with the assessments described in this section, the Secretary shall develop capabilities to map supply chains and to assess risks to the supply chain for major end items by business sector, vendor, program, part, and other metrics as determined by the Secretary.
(f) RULE OF CONSTRUCTION.-Nothing in this section shall be construed to limit or modify any other procurement policy, procedure, requirement, or restriction provided by law.

1See References in Text note below.

10 U.S.C. § 4819

Added Pub. L. 116-92, div. A, title VIII, §845(a), Dec. 20, 2019, 133 Stat. 1500, §2509; renumbered §4819 and amended Pub. L. 116-283, div. A, title VIII, §843(a), title XVIII, §§1867(b), (d)(6), 1883(b)(2), Jan. 1, 2021, 134 Stat. 3765, 4281, 4282, 4294; Pub. L. 117-81, div. A, title VIII, §841, title XVII, §1701(d)(16), Dec. 27, 2021, 135 Stat. 1839, 2137.

EDITORIAL NOTES

REFERENCES IN TEXTThe Defense Production Act of 1950 (50 U.S.C. 4511 et seq.), referred to in subsec. (c)(2)(E)(vi), probably means act Sept. 8, 1950, ch. 932, 64 Stat. 798, which is classified principally to chapter 55 (§4501 et seq.) of Title 50, War and National Defense. For complete classification of this Act to the Code, see section 4501 of Title 50 and Tables.

AMENDMENTS2021- Pub. L. 116-283, §1867(b), renumbered section 2509 of this title as this section.Subsec. (a). Pub. L. 117-81, §841(1), struck out "existing" before "Department of Defense approach" and "across the acquisition process, creating a continuous model that uses digital tools, technologies, and approaches designed to ensure the accessibility of data to key decision-makers in the Department" before period at end. Subsec. (b). Pub. L. 117-81, §841(4), added subsec. (b). Former subsec. (b) redesignated (c).Subsec. (b)(2)(A). Pub. L. 116-283, §843(a)(1)(A)(i), inserted "such as those identified through the supply chain risk management process of the Department and by the Federal Acquisition Security Council, and" after "supply chain risks," in introductory provisions.Subsec. (b)(2)(A)(ii). Pub. L. 116-283, §843(a)(1)(A) (ii), struck out "(other than optical transmission components)" after "equipment".Subsec. (b)(2)(C)(xi). Pub. L. 117-81, §1701(d) (16)(A), which directed the substitution of "section 3252" for "section 2339a", could not be executed as directed because "section 2339a" did not appear in subsec. (b)(2)(C)(xi) after the intervening redesignation of subsec. (b) of this section as subsec. (c) by Pub. L. 117-81, §841(3), and could not be executed in subsec. (c)(2)(C)(xi) as redesignated to reflect the probable intent of Congress, because of the intervening amendment by Pub. L. 116-283, §1883(b)(2), which had already made that substitution. See notes below. Pub. L. 116-283, §843(a)(1)(B), added cl. (xi). Former cl. (xi) redesignated (xii).Subsec. (b)(2)(C)(xii). Pub. L. 116-283, §843(a)(1)(B) (ii), redesignated cl. (xi) as (xii). Subsec. (b)(2)(E). Pub. L. 116-283, §843(a)(1)(C), added subpar. (E).Subsec. (b)(2)(E)(ii). Pub. L. 117-81, §1701(d) (16)(B)(ii), which directed the substitution of "section 4862" for "section 2533a", could not be executed as directed because "section 2533a" did not appear in subsec. (b)(2)(E)(ii) after the intervening redesignation of subsec. (b) of this section as subsec. (c) by Pub. L. 117-81, §841(3), and could not be executed in subsec. (c)(2)(E)(ii) as redesignated because of the intervening amendment by Pub. L. 116-283, §1883(b)(2), which had already made that substitution. See notes below.Subsec. (c). Pub. L. 117-81, §841(3), redesignated subsec. (b) as (c). Former subsec. (c) redesignated (d).Subsec. (c)(1). Pub. L. 117-81, §841(5)(A), inserted "in implementing subsections (a) and (b)" before period at end.Subsec. (c)(2)(A)(viii). Pub. L. 117-81, §841(5)(B)(i), inserted "by the Secretary of Defense" before period at end.Subsec. (c)(2)(B). Pub. L. 117-81, §841(5)(B) (ii)(I), substituted "constitutes or may constitute" for "constitute" in introductory provisions.Subsec. (c)(2)(B)(vii). Pub. L. 117-81, §841(5)(B) (ii)(II), inserted "by the Secretary of Defense" before period at end.Subsec. (c)(2)(C)(xi). Pub. L. 116-283, §1883(b)(2), substituted "section 3252" for "section 2339a".Subsec. (c)(2)(E)(i). Pub. L. 117-81, §1701(d) (16)(B)(i), which directed amendment of subsec. (b)(2)(E)(i) by striking out "(as defined in section 2500(1) of this title)", was executed by striking out "(as defined in section 4801(1) of this title)" before semicolon at end of subsec. (c)(2)(E)(i) to reflect the probable intent of Congress and the intervening amendments by Pub. L. 116-283, §1883(b)(2), and Pub. L. 117-81, §841(3) . See notes above and below. Pub. L. 116-283, §1883(b)(2), substituted "section 4801(1)" for "section 2500(1)".Subsec. (c)(2)(E)(ii). Pub. L. 116-283, §1883(b)(2), substituted "section 4862" for "section 2533a". Subsec. (c)(2)(E)(v). Pub. L. 117-81, §1701(d) (16)(B)(iii), which directed the amendment of subsec. (b)(2)(E)(v) of this section by substituting "sections 4841 and 4842" for "section 2521", was executed to subsec. (c)(2)(E)(v) to reflect the probable intent of Congress and the intervening amendment by Pub. L. 117-81, §841(3) . See note above. Pub. L. 116-283, §1883(b)(2), which directed that each reference in the text of title 10 to a section that was redesignated by title XVIII of Pub. L. 116-283, as such section was in effect before the redesignation, be amended by striking such reference and inserting a reference to the appropriate redesignated section, was not executed by substituting "section 4841" for "section 2521", to reflect the probable intent of Congress and execution of the subsequent amendment by section 1701(d)(16)(B)(iii) of Pub. L. 117-81 specifically directing the substitution of "sections 4841 and 4842" for "section 2521". See note above. Although section 2521 of this title was redesignated as section 4841, subsec. (e) of section 4841 was transferred to become the text of section 4842 immediately thereafter. Subsec. (d). Pub. L. 117-81, §841(3), redesignated subsec. (c) as (d). Former subsec. (d) redesignated (e).Subsec. (d)(11). Pub. L. 117-81, §841(6), inserted "as deemed appropriate by the Secretary" before period at end.Subsec. (e). Pub. L. 117-81, §841(3), redesignated subsec. (d) as (e). Former subsec. (e) redesignated (f).Subsec. (e)(1)(A). Pub. L. 117-81, §841(7)(A)(i), struck out "timely" before "maintaining valid and reliable data". Subsec. (e)(1)(B)(ii). Pub. L. 117-81, §841(7)(A) (ii)(I), added cl. (ii) and struck out former cl. (ii) which read as follows: "A description of the modern data infrastructure, tools, and applications and what changes would improve the effectiveness and efficiency of mitigating the risks described in subsection (b)(2)."Subsec. (e)(1)(B)(iii). Pub. L. 117-81, §841(7)(A) (ii)(II), inserted ",including the following" before colon at end of introductory provisions.Subsec. (e)(2). Pub. L. 117-81, §841(7)(B), added par. (2) and struck out former par. (2) which related to Secretary of Defense's development of unified set of activities to modernize systems of record, data sources and collection methods, and data exposure mechanisms.Subsec. (f). Pub. L. 117-81, §841(2), (3), redesignated subsec. (e) as (f) and struck out former subsec. (f) which related to implementation and reporting requirements.Subsec. (f)(1)(A). Pub. L. 116-283, §1867(d)(6), which directed the substitution of "section 3252(c)" for "section 2339a(e)", could not be executed because of the prior repeal of subsec. (f) by Pub. L. 117-81, §841(2) . See note above. Subsec. (f)(2). Pub. L. 116-283, §843(a)(2), inserted ",and supporting policies, procedures, and guidance relating to such actions" after "subsection (b)".Subsec. (g). Pub. L. 117-81, §841(2), struck out subsec. (g) which related to briefing and periodic assessments of reviews by Comptroller General.

STATUTORY NOTES AND RELATED SUBSIDIARIES

EFFECTIVE DATE OF 2021 AMENDMENT Amendment by section 1701(d)(16) of Pub. L. 117-81 to take effect immediately after the amendments made by title XVIII of Pub. L. 116-283 have taken effect, see section 1701(a)(3) of Pub. L. 117-81, set out in a note preceding section 3001 of this title and note below. Amendment by sections 1867(b), (d)(6) and 1883(b)(2) of Pub. L. 116-283 effective Jan. 1, 2022, with additional provisions for delayed implementation and applicability of existing law, see section 1801(d) of Pub. L. 116-283, set out as a note preceding section 3001 of this title.

MITIGATING RISKS RELATED TO FOREIGN OWNERSHIP, CONTROL, OR INFLUENCE OF DEPARTMENT OF DEFENSE CONTRACTORS OR SUBCONTRACTORS Pub. L. 116-283, div. A, title VIII, §819(c), Jan. 1, 2021, 134 Stat. 3752, provided that: "(1) IMPLEMENTATION PLAN.-Not later than March 1, 2021, the Secretary of Defense shall provide to the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives] a plan and schedule for implementation of the requirements of section 847 of the National Defense Authorization Act for Fiscal Year 2020 (Public Law 116-92; 133 Stat. 1505; 10 U.S.C. 2509 note [now 10 U.S.C. 4819 note]) [set out below], as amended by this section, including- "(A) a timeline for issuance of regulations, development of training for appropriate officials, and development of systems for reporting of beneficial ownership and FOCI by covered contractors or subcontractors;"(B) the designation of officials and organizations responsible for such implementation; and"(C) interim milestones to be met in implementing the plan and schedule. "(2) REVISION OF REGULATIONS, DIRECTIVES, GUIDANCE, TRAINING, AND POLICIES.-Not later than July 1, 2021, the Secretary of Defense shall revise relevant directives, guidance, training, and policies, including revising the Department of Defense Supplement to the Federal Acquisition Regulation, to fully implement the requirements of such section 847."(3) DEFINITIONS.-In this subsection, the term 'beneficial ownership', 'FOCI', and 'covered contractors or subcontractors' have the meanings given, respectively, in section 847 of the National Defense Authorization Act for Fiscal Year 2020 (Public Law 116-92; 133 Stat. 1505; 10 U.S.C. 2509 note [now 10 U.S.C. 4819 note])." Pub. L. 116-92, div. A, title VIII, §847, Dec. 20, 2019, 133 Stat. 1505, as amended by Pub. L. 116-283, div. A, title VIII, §819(a), (b), (d), Jan. 1, 2021, 134 Stat. 3751, 3752, provided that:"(a) DEFINITIONS.-In this section: "(1) BENEFICIAL OWNER; BENEFICIAL OWNERSHIP.-The terms 'beneficial owner' and 'beneficial ownership' shall be determined in a manner that is not less stringent than the manner set forth in section 240.13d-3 of title 17, Code of Federal Regulations (as in effect on the date of the enactment of this Act [Dec. 20, 2019])."(2) COMPANY.-The term 'company' means any corporation, company, limited liability company, limited partnership, business trust, business association, or other similar entity."(3) COVERED CONTRACTOR OR SUBCONTRACTOR.-The term 'covered contractor or subcontractor' means a company that is an existing or prospective contractor or subcontractor of the Department of Defense on a contract or subcontract with a value in excess of $5,000,000, except as provided in subsection (c). "(4) FOREIGN OWNERSHIP, CONTROL, OR INFLUENCE; FOCI.-The terms 'foreign ownership, control, or influence' and 'FOCI' have the meanings given those terms in the National Industrial Security Program Operating Manual (DOD 5220.22-M), or a successor document."(b) IMPROVED ASSESSMENT AND MITIGATION OF RISKS RELATED TO FOREIGN OWNERSHIP, CONTROL, OR INFLUENCE.-"(1) IN GENERAL.-In developing and implementing the analytical framework for mitigating risk relating to ownership structures, as required by section 2509 of title 10, United States Code [now 10 U.S.C. 4819], as added by section 845 of this Act, the Secretary of Defense shall improve the process and procedures for the assessment and mitigation of risks related to foreign ownership, control, or influence (FOCI) of covered contractors or subcontractors doing business with the Department of Defense."(2) ELEMENTS.-The process and procedures for the assessment and mitigation of risk relating to ownership structures referred to in paragraph (1) shall include the following elements:"(A) ASSESSMENT OF FOCI.-(i) A requirement for covered contractors or subcontractors to disclose to the Defense Counterintelligence and Security Agency, or its successor organization, their beneficial ownership and whether they are under FOCI."(ii) A requirement to update such disclosures when changes occur to information previously provided, consistent with or similar to the procedures for updating FOCI information under the National Industrial Security Program Operating Manual (DOD 5220.22-M), or a successor document."(iii) A requirement for covered contractors or subcontractors determined to be under FOCI to disclose contact information for each of its foreign owners that is a beneficial owner."(iv) A requirement that, at a minimum, the disclosures required by this paragraph be provided at the time the contract or subcontract is awarded, amended, or renewed, but in no case later than one year after the Secretary prescribes regulations to carry out this subsection."(v) A requirement for the Secretary to require reports and conduct examinations on a periodic basis of covered contractors or subcontractors in order to assess compliance with the requirements of this section."(B) RESPONSIBILITY DETERMINATION.-Consistent with section 2509 of title 10, United States Code [now 10 U.S.C. 4819], as added by section 845 of this Act, consideration of FOCI risks as part of responsibility determinations, including- "(i) whether to establish a special standard of responsibility relating to FOCI risks for covered contractors or subcontractors, and the extent to which the policies and procedures consistent with or similar to those relating to FOCI under the National Industrial Security Program shall be applied to covered contractors or subcontractors;"(ii) procedures for contracting officers making responsibility determinations regarding whether covered contractors or subcontractors may be under foreign ownership, control, or influence and for determining whether there is reason to believe that such foreign ownership, control, or influence would pose a risk or potential risk to national security or potential compromise because of sensitive data, systems, or processes, such as personally identifiable information, cybersecurity, or national security systems involved with the contract or subcontract; and"(iii) modification of policies, directives, and practices to provide that an assessment that a covered contractor or subcontractor is under FOCI may be a sufficient basis for a contracting officer to determine that such a covered contractor or subcontractor is not responsible."(C) CONTRACT REQUIREMENTS, ADMINISTRATION, AND OVERSIGHT RELATING TO FOCI.-"(i) Requirements for contract clauses providing for and enforcing disclosures related to changes in FOCI or beneficial ownership during performance of the contract or subcontract, consistent with subparagraph (A), and necessitating the effective mitigation of risks related to FOCI throughout the duration of the contract or subcontract."(ii) Pursuant to section 2509(c) of title 10, United States Code [now 10 U.S.C. 4819(c)], designation of the appropriate Department of Defense official responsible to approve and to take actions relating to award, modification, termination of a contract, or direction to modify or terminate a subcontract due to an assessment by the Defense Counterintelligence and Security Agency, or its successor organization, that a covered contractor or subcontractor under FOCI poses a risk to national security or potential risk of compromise."(iii) A requirement for the provision of additional information regarding beneficial ownership and control of any covered contractor or subcontractor on the contract or subcontract."(iv) Procedures for appropriately responding to changes in covered contractor or subcontractor beneficial ownership status based on changes in disclosures of their beneficial ownership and whether they are under FOCI and the reports and examinations required by subparagraph (A)(v)."(v) Other measures as necessary to be consistent with other relevant practices, policies, regulations, and actions, including those under the National Industrial Security Program. "(c) APPLICABILITY TO CONTRACTS AND SUBCONTRACTS FOR COMMERCIAL PRODUCTS AND SERVICES AND OTHER FORMS OF ACQUISITION AGREEMENTS.- "(1) COMMERCIAL PRODUCTS AND SERVICES.-The requirements under subsections (b)(2)(A) and (b)(2)(C) shall not apply to a contract or subcontract for commercial products or services, unless a designated senior Department of Defense official specifically requires the applicability of subsections (b)(2)(A) and (b)(2)(C) based on a determination by the designated senior official that the contract or subcontract involves a risk or potential risk to national security or potential compromise because of sensitive data, systems, or processes, such as personally identifiable information, cybersecurity, or national security systems."(2) RESEARCH AND DEVELOPMENT AND PROCUREMENT ACTIVITIES.-The Secretary of Defense shall ensure that the requirements of this section are applied to research and development and procurement activities, including for the delivery of services, established through any means including those under section 2358(b) of title 10, United States Code [now 10 U.S.C. 4001(b)]."(d) AVAILABILITY OF RESOURCES.-The Secretary shall ensure that sufficient resources, including subject matter expertise, are allocated to execute the functions necessary to carry out this section, including the assessment, mitigation, contract administration, and oversight functions. "(e) RULE OF CONSTRUCTION.-Nothing in this section shall be construed to limit or modify any other procurement policy, procedure, requirement, or restriction provided by law, including section 721 of the Defense Production Act of 1950 (50 U.S.C. 4565), as amended by the Foreign Interference Risk Review Modernization Act of 2018 (subtitle A of title XVII of Public Law 115-232)."(f) AVAILABILITY OF BENEFICIAL OWNERSHIP DATA.-"(1) IN GENERAL.-Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall establish a process to update systems of record to improve the assessment and mitigation of risks associated with FOCI through the inclusion and updating of all appropriate associated uniquely identifying information about the contracts and contractors and subcontracts and subcontractors in the Federal Awardee Performance and Integrity Information System (FAPIIS), administered by the General Services Administration, and the Commercial and Government Entity (CAGE) database, administered by the Defense Logistics Agency. "(2) LIMITED AVAILABILITY OF INFORMATION.-The Secretary of Defense shall ensure that the information required to be disclosed pursuant to this section is-"(A) not made public;"(B) made available via the FAPIIS and CAGE databases; and"(C) made available to appropriate government departments or agencies."

congressional defense committees
The term "congressional defense committees" means-(A) the Committee on Armed Services and the Committee on Appropriations of the Senate; and(B) the Committee on Armed Services and the Committee on Appropriations of the House of Representatives.
officer
The term "officer" means a commissioned or warrant officer.