NDAA for Fiscal Year 2012

*How To Use the NDAA Pages*	Back to NDAA Contents
TITLE VIII--ACQUISITION POLICY, ACQUISITION MANAGEMENT, AND RELATED MATTERS Subtitle A--Acquisition Policy and Management
P. L. 115-	House Conference Report. 115-404
SEC. 807. PROCESS FOR ENHANCED SUPPLY CHAIN SCRUTINY. (a) Process.--Not later than 90 days after the date of the enactment of this Act, the Secretary of Defense shall establish a process for enhancing scrutiny of acquisition decisions in order to improve the integration of supply chain risk management into the overall acquisition decision cycle. (b) Elements.--The process under subsection (a) shall include the following elements: (1) Designation of a senior official responsible for overseeing the development and implementation of the process. (2) Development or integration of tools to support commercial due-diligence, business intelligence, or otherwise analyze and monitor commercial activity to understand business relationships with entities determined to be threats to the United States. (3) Development of risk profiles of products or services based on commercial due-diligence tools and data services. (4) Development of education and training curricula for the acquisition workforce that supports the process. (5) Integration, as needed, with intelligence sources to develop threat profiles of entities determined to be threats to the United States. (6) Periodic review and assessment of software products and services on computer networks of the Department of Defense to remove prohibited products or services. (7) Synchronization of the use of current authorities for making supply chain decisions, including section 806 of Public Law 111-383 (10 U.S.C. 2304 note) or improved use of suspension and debarment officials. (8) Coordination with interagency, industrial, and international partners, as appropriate, to share information, develop Government-wide strategies for dealing with significant entities determined to be significant threats to the United States, and effectively use authorities in other departments and agencies to provide consistent, Government-wide approaches to supply chain threats. (9) Other matters as the Secretary considers necessary. (c) Notification.--Not later than 90 days after establishing the process required by subsection (a), the Secretary shall provide a written notification to the Committees on Armed Services of the Senate and House of Representatives that the process has been established. The notification also shall include the following: (1) Identification of the official designated under subsection (b)(1). (2) Identification of tools and services currently available to the Department of Defense under subsection (b)(2). (3) Assessment of additional tools and services available under subsection (b)(2) that the Department of Defense should evaluate. (4) Identification of, or recommendations for, any statutory changes needed to improve the effectiveness of the process. (5) Projected resource needs for implementing any recommendations made by the Secretary.	Process for enhanced supply chain scrutiny (sec. 807) The House bill contained a provision (sec. 875) that would require the Director of National Intelligence to develop a list of telecommunications contractors who have been found to have knowingly assisted or facilitated a cyber attack carried out or on behalf of the government of the Democratic People’s Republic of Korea and would prohibit the Secretary of Defense from entering into a contract with any entity on this list. The Senate amendment contained no similar provision. The Senate recedes with an amendment that would require the Secretary of Defense to establish a process for enhancing scrutiny of acquisition decisions in order to improve the integration of supply chain risk management into the overall acquisition decision cycle.