Section 3099 - Vulnerability assessments of major systems(a) Initial vulnerability assessments(1)(A) Except as provided in subparagraph (B), the Director of National Intelligence shall conduct and submit to the congressional intelligence committees an initial vulnerability assessment for each major system and its significant items of supply-(i) except as provided in clause (ii), prior to the completion of Milestone B or an equivalent acquisition decision for the major system; or(ii) prior to the date that is 1 year after October 7, 2010, in the case of a major system for which Milestone B or an equivalent acquisition decision-(I) was completed prior to such date; or(II) is completed on a date during the 180-day period following such date.(B) The Director may submit to the congressional intelligence committees an initial vulnerability assessment required by clause (ii) of subparagraph (A) not later than 180 days after the date such assessment is required to be submitted under such clause if the Director notifies the congressional intelligence committees of the extension of the submission date under this subparagraph and provides a justification for such extension.(C) The initial vulnerability assessment of a major system and its significant items of supply shall include use of an analysis-based approach to-(i) identify vulnerabilities;(ii) define exploitation potential;(iii) examine the system's potential effectiveness;(iv) determine overall vulnerability; and(v) make recommendations for risk reduction.(2) If an initial vulnerability assessment for a major system is not submitted to the congressional intelligence committees as required by paragraph (1), funds appropriated for the acquisition of the major system may not be obligated for a major contract related to the major system. Such prohibition on the obligation of funds for the acquisition of the major system shall cease to apply on the date on which the congressional intelligence committees receive the initial vulnerability assessment.(b) Subsequent vulnerability assessments(1) The Director of National Intelligence shall, periodically throughout the procurement of a major system or if the Director determines that a change in circumstances warrants the issuance of a subsequent vulnerability assessment, conduct a subsequent vulnerability assessment of each major system and its significant items of supply within the National Intelligence Program.(2) Upon the request of a congressional intelligence committee, the Director of National Intelligence may, if appropriate, recertify the previous vulnerability assessment or may conduct a subsequent vulnerability assessment of a particular major system and its significant items of supply within the National Intelligence Program.(3) Any subsequent vulnerability assessment of a major system and its significant items of supply shall include use of an analysis-based approach and, if applicable, a testing-based approach, to monitor the exploitation potential of such system and reexamine the factors described in clauses (i) through (v) of subsection (a)(1)(C).(d) Congressional oversight(2) The Director of National Intelligence shall provide the congressional intelligence committees with a proposed schedule for subsequent periodic vulnerability assessments of a major system under subsection (b)(1) when providing such committees with the initial vulnerability assessment under subsection (a) of such system as required by paragraph (1).(e) DefinitionsIn this section:
(1) The term "item of supply" has the meaning given that term in section 4(10) 1 of the Office of Federal Procurement Policy Act (41 U.S.C. 403(10)).(2) The term "major contract" means each of the 6 largest prime, associate, or Government-furnished equipment contracts under a major system that is in excess of $40,000,000 and that is not a firm, fixed price contract.(3) The term "major system" has the meaning given that term in section 3097(e) of this title.(4) The term "Milestone B" means a decision to enter into major system development and demonstration pursuant to guidance prescribed by the Director of National Intelligence.(5) The term "vulnerability assessment" means the process of identifying and quantifying vulnerabilities in a major system and its significant items of supply.1 See References in Text note below.
July 26, 1947, ch. 343, title V, §506C, as added Pub. L. 111-259, §321, 124 Stat. 2667.EDITORIAL NOTES
REFERENCES IN TEXTSection 4(10) of the Office of Federal Procurement Policy Act, referred to in subsec. (e)(1), which was classified to section 403(10) of former Title 41, Public Contracts, was repealed and reenacted as sections 108 and 115 of Title 41, Public Contracts, by Pub. L. 111-350, §§3, 7 (b), Jan. 4, 2011, 124 Stat. 3677, 3855.
CODIFICATIONSection was formerly classified to section 415a-5 of this title prior to editorial reclassification and renumbering as this section.
- National Intelligence Program
- The term "National Intelligence Program" refers to all programs, projects, and activities of the intelligence community, as well as any other programs of the intelligence community designated jointly by the Director of National Intelligence and the head of a United States department or agency or by the President. Such term does not include programs, projects, or activities of the military departments to acquire intelligence solely for the planning and conduct of tactical military operations by United States Armed Forces.
- congressional intelligence committees
- The term "congressional intelligence committees" means-(A) the Select Committee on Intelligence of the Senate; and(B) the Permanent Select Committee on Intelligence of the House of Representatives.
- intelligence
- The term "intelligence" includes foreign intelligence and counterintelligence.
- national intelligence
- The terms "national intelligence" and "intelligence related to national security" refer to all intelligence, regardless of the source from which derived and including information gathered within or outside the United States, that-(A) pertains, as determined consistent with any guidance issued by the President, to more than one United States Government agency; and(B) that involves-(i) threats to the United States, its people, property, or interests;(ii) the development, proliferation, or use of weapons of mass destruction; or(iii) any other matter bearing on United States national or homeland security.