[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 6169 Introduced in House (IH)]

117th CONGRESS
  1st Session
                                H. R. 6169

To direct the Secretary of Defense to establish a framework relating to 
       risks to the defense supply chain, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            December 7, 2021

 Ms. Slotkin (for herself and Mr. Gallagher) introduced the following 
      bill; which was referred to the Committee on Armed Services

_______________________________________________________________________

                                 A BILL


 
To direct the Secretary of Defense to establish a framework relating to 
       risks to the defense supply chain, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. DEFENSE SUPPLY CHAIN RISK ASSESSMENT FRAMEWORK.

    (a) In General.--Not later than one year after the date of the 
enactment of this Act, the Secretary of Defense shall establish a 
framework, which may be included as part of a framework developed under 
section 2509 of title 10, United States Code, and pursuant to 
recommendations provided under section 5 of Executive Order 14017 (86 
Fed. Reg. 11849, relating to America's supply chains), to consolidate 
the information relating to risks to the defense supply chain that is 
collected by the elements of the Department of Defense to--
            (1) enable Department-wide risk assessments of the defense 
        supply chain; and
            (2) support the development of strategies to mitigate risks 
        to the defense supply chain.
    (b) Framework Requirements.--The framework established under 
subsection (a) shall--
            (1) provide for the collection, management, and storage of 
        data from the supply chain risk management processes of the 
        Department of Defense;
            (2) provide for the collection of reports on supply chain 
        risk management from the military departments and Defense 
        Agencies, and the dissemination of such reports to the 
        components of the military departments and Defense Agencies 
        involved in the management of supply chain risk;
            (3) enable all elements of the Department to analyze the 
        information collected by such framework to identify risks to 
        the defense supply chain;
            (4) enable the Department to--
                    (A) assess the capabilities of foreign adversaries 
                (as defined in section 8(c) of the Secure and Trusted 
                Communications Networks Act of 2019 (47 U.S.C. 
                1607(c))) to affect the defense supply chain;
                    (B) analyze the ability of the industrial base of 
                the United States to meet the needs of the defense 
                supply chain;
                    (C) track global technology trends that could 
                affect the defense supply chain, as determined by the 
                Secretary of Defense; and
                    (D) assess the risks posed by emerging threats to 
                the defense supply chain;
            (5) support the identification of technology in which the 
        Department may invest to reduce risks to the defense supply 
        chain, including by improving the resilience of the defense 
        supply; and
            (6) provide for--
                    (A) a map of the supply chains for major end items 
                that supports analysis, monitoring, and reporting with 
                respect to high-risk subcontractors and risks to such 
                supply chain; and
                    (B) the use of a covered application described in 
                subsection (c) in the creation of such map to assess 
                risks to the supply chain for major end items by 
                business sector, vendor, program, part, or technology.
    (c) Covered Application Described.--The covered application 
described in this subsection is a covered application that includes the 
following elements:
            (1) A centralized database that consolidates multiple 
        disparate data sources into a single repository to ensure the 
        consistent availability of data.
            (2) Centralized reporting to allow for efficient mitigation 
        and remediation of identified supply chain vulnerabilities.
            (3) Broad interoperability with other software and systems 
        to ensure support for the analytical capabilities of users 
        across the Department.
            (4) Scalable technology to support multiple users, access 
        controls for security, and functionality designed for 
        information-sharing and collaboration.
    (d) Guidance.--Not later than 180 days after the framework required 
under subsection (a) is established, and regularly thereafter, the 
Secretary of Defense shall issue guidance on mitigating risks to the 
defense supply chain.
    (e) Reports.--
            (1) Progress report.--Not later than 180 days after the 
        date of the enactment of this Act, the Secretary of Defense 
        shall submit to the congressional defense committees a report 
        on the progress of establishing the framework as required under 
        subsection (a).
            (2) Final report.--Not later than one year after the date 
        of the enactment of this Act, the Secretary of Defense shall 
        submit to the congressional defense committees a report 
        describing the framework established under subsection (a) and 
        the organizational structure to manage and oversee the 
        framework.
    (f) Definitions.--In this section:
            (1) Covered application.--The term ``covered application'' 
        means a software-as-a-service application that uses decision 
        science, commercial data, and machine learning techniques.
            (2) Defense agency; military department.--The terms 
        ``Defense Agency'' and ``military department'' have the 
        meanings given such terms in section 101 of title 10, United 
        States Code.
            (3) High-risk subcontractors.--The term ``high-risk 
        subcontractor'' means a subcontractor at any tier that supplies 
        major end items for the Department of Defense.
            (4) Major end item.--The term ``major end item'' means an 
        item subject to a unique item-level traceability requirement at 
        any time in the life cycle of such item under Department of 
        Defense Instruction 8320.04, titled ``Item Unique 
        Identification (IUID) Standards for Tangible Personal 
        Property'' and dated September 3, 2015, or any successor 
        instruction.