(a) Digitization and Modernization.—The Secretary of Defense shall streamline and digitize the Department of Defense approach for identifying and mitigating risks to the defense industrial base.

Ask a legal question, get an answer ASAP!
Click here to chat with a lawyer about your rights.

(b) Objective.—The objective of subsection (a) shall be to employ digital tools, technologies, and approaches to ensure the accessibility of relevant defense industrial base data to key decision-makers in the Department.

(c) Analytical Framework.—(1) The Under Secretary of Defense for Acquisition and Sustainment, in coordination with the Director of the Defense Counterintelligence and Security Agency and the heads of other elements of the Department of Defense as appropriate, shall develop an analytical framework for risk mitigation across the acquisition process in implementing subsections (a) and (b).

(2) The analytical framework required under paragraph (1) shall include the following elements:

(A) Characterization and monitoring of supply chain risks, such as those identified through the supply chain risk management process of the Department and by the Federal Acquisition Security Council, and including—

(i) material sources and fragility, including the extent to which sources, items, materials, and articles are mined, produced, or manufactured within or outside the United States;

(ii) telecommunications services or equipment;

(iii) counterfeit parts;

(iv) cybersecurity of contractors;

(v) video surveillance services or equipment;

(vi) vendor vetting in contingency or operational environments;

(vii) other electronic or information technology products and services; and

(viii) other risk areas as determined appropriate by the Secretary of Defense.


(B) Characterization and monitoring of risks posed by contractor behavior that constitutes or may constitute violations of laws or regulations, including those relating to—

(i) fraud;

(ii) ownership structures;

(iii) trafficking in persons;

(iv) workers’ health and safety;

(v) affiliation with the enemy;

(vi) foreign influence; and

(vii) other risk areas as deemed appropriate by the Secretary of Defense.


(C) Characterization and assessment of the acquisition processes and procedures of the Department of Defense, including—

(i) market research;

(ii) responsibility determinations, including consideration of the need for special standards of responsibility to address the risks described in subparagraphs (A) and (B);

(iii) facilities clearances;

(iv) the development of contract requirements;

(v) the technical evaluation of offers and contract awards;

(vi) contractor mobilization, including hiring, training, and establishing facilities;

(vii) contract administration, contract management, and oversight;

(viii) contract audit for closeout;

(ix) suspension and debarment activities and administrative appeals activities;

(x) contractor business system reviews;

(xi) processes and procedures related to supply chain risk management and processes and procedures implemented pursuant to section 3252 of this title; and

(xii) other relevant processes and procedures.


(D) Characterization and monitoring of the health and activities of the defense industrial base, including those relating to—

(i) balance sheets, revenues, profitability, and debt;

(ii) investment, innovation, and technological and manufacturing sophistication;

(iii) finances, access to capital markets, and cost of raising capital within those markets;

(iv) corporate governance, leadership, and culture of performance; and

(v) history of performance on past Department of Defense and government contracts.


(E) Characterization and assessment of industrial base support policies, programs, and procedures, including—

(i) limitations and acquisition guidance relevant to the national technology and industrial base;

(ii) limitations and acquisition guidance relevant to section 4862 of this title;

(iii) the Industrial Base Analysis and Sustainment program of the Department, including direct support and common design activities;

(iv) the Small Business Innovation Research Program (as defined in section 9(e) of the Small Business Act (15 U.S.C. 638(e));

(v) the Manufacturing Technology Program established under sections 4841 and 4842 of this title;

(vi) programs relating to the Defense Production Act of 1950 (50 U.S.C. 4511 1 et seq.); and

(vii) programs operating in each military department.


(d) Roles and Responsibilities.—The Secretary of Defense shall designate the roles and responsibilities of organizations and individuals to execute activities under this section, including—

(1) the Under Secretary of Defense for Acquisition and Sustainment, including the Office of Defense Pricing and Contracting and the Office of Industrial Policy;

(2) service acquisition executives;

(3) program offices and procuring contracting officers;

(4) administrative contracting officers within the Defense Contract Management Agency and the Supervisor of Shipbuilding;

(5) the Defense Counterintelligence and Security Agency;

(6) the Defense Contract Audit Agency;

(7) each element of the Department of Defense which own or operate systems containing data relevant to contractors of the Department;

(8) the Under Secretary of Defense for Research and Engineering;

(9) the suspension and debarment official of the Department;

(10) the Chief Information Officer; and

(11) other relevant organizations and individuals as deemed appropriate by the Secretary.


(e) Enabling Data, Tools, and Systems.—(1)(A) The Under Secretary of Defense for Acquisition and Sustainment, in consultation with the Chief Data Officer of the Department of Defense and the Director of the Defense Counterintelligence and Security Agency, shall assess the extent to which existing systems of record relevant to risk assessments and contracting are producing, exposing, and maintaining valid and reliable data for the purposes of the Department’s continuous assessment and mitigation of risks in the defense industrial base.

(B) The assessment required under subparagraph (A) shall include the following elements:

(i) Identification of the necessary source data, to include data from contractors, intelligence and security activities, program offices, and commercial research entities.

(ii) A description of modern data infrastructure, tools, and applications and an assessment of the extent to which new capabilities would improve the effectiveness and efficiency of mitigating the risks described in subsection (c)(2).

(iii) An assessment of the following systems owned or operated outside of the Department of Defense that the Department depends upon or to which it provides data, including the following:

(I) The Federal Awardee Performance and Integrity Information System (FAPIIS).

(II) The System for Award Management (SAM).

(III) The Federal Procurement Data System-Next Generation (FPDS-NG).

(IV) The Electronic Data Management Information System.

(V) Other systems the Secretary of Defense determines appropriate.


(iv) An assessment of systems owned or operated by the Department of Defense, including the Defense Counterintelligence and Security Agency and other defense agencies and field activities used to capture and analyze the status and performance (including past performance) of vendors and contractors.


(2)(A) Based on the findings pursuant to paragraph (1), the Secretary of Defense shall develop a unified set of activities to modernize the systems of record, data sources and collection methods, and data exposure mechanisms. The unified set of activities should include—

(i) the ability to continuously collect data on, assess, and mitigate risks;

(ii) data analytics and business intelligence tools and methods; and

(iii) continuous development and continuous delivery of secure software to implement the activities.


(B) In connection with the assessments described in this section, the Secretary shall develop capabilities to map supply chains and to assess risks to the supply chain for major end items by business sector, vendor, program, part, and other metrics as determined by the Secretary.

(f) Rule of Construction.—Nothing in this section shall be construed to limit or modify any other procurement policy, procedure, requirement, or restriction provided by law.