[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 2289 Introduced in Senate (IS)]

<DOC>






118th CONGRESS
  1st Session
                                S. 2289

To direct the Director of the Information Security Oversight Office to 
 assess foreign influence in the National Industrial Security Program 
  and to develop a single, integrated strategy to better identify and 
        mitigate such foreign influence, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             July 13, 2023

  Mr. Peters (for himself and Mr. Grassley) introduced the following 
 bill; which was read twice and referred to the Committee on Homeland 
                   Security and Governmental Affairs

_______________________________________________________________________

                                 A BILL


 
To direct the Director of the Information Security Oversight Office to 
 assess foreign influence in the National Industrial Security Program 
  and to develop a single, integrated strategy to better identify and 
        mitigate such foreign influence, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Mitigating Foreign Influence in 
Classified Government Contracts''.

SEC. 2. DEFINITIONS.

    In this Act:
            (1) Appropriate committees of congress.--The term 
        ``appropriate committees of Congress'' means--
                    (A) the Committee on Homeland Security and 
                Governmental Affairs, the Committee on Armed Services, 
                and the Select Committee on Intelligence of the Senate; 
                and
                    (B) the Committee on Oversight and Accountability, 
                the Committee on Armed Services, and the Permanent 
                Select Committee on Intelligence of the House of 
                Representatives.
            (2) Cognizant security agencies; entity; foreign 
        interest.-- The terms ``cognizant security agencies'', 
        ``entity'', and ``foreign interest'' have the meanings given 
        those term in section 2004.4 of title 32, Code of Federal 
        Regulations.
            (3) Director.--The term ``Director'' means the Director of 
        the Information Security Oversight Office.
            (4) NISPPAC.--The term ``NISPPAC'' means the National 
        Industrial Security Program Policy Advisory Committee 
        established by Executive Order 12829 (50 U.S.C. 3161 note; 
        relating to national industrial security program).

SEC. 3. ASSESSMENT OF FOREIGN INFLUENCE IN NATIONAL INDUSTRIAL SECURITY 
              PROGRAM.

    (a) In General.--The Director shall convene and direct NISPPAC to 
complete and submit, not later than 1 year after the date of the 
enactment of this Act, to the Director an assessment of foreign 
influence in the National Industrial Security Program.
    (b) Elements.--The assessment required by subsection (a) shall 
include the following:
            (1) A definition of foreign influence that focuses on 
        contractual agreements or other non-ownership means that may 
        allow foreign interests unauthorized access to classified 
        information or to adversely affect performance of a contract or 
        agreement requiring access to classified information.
            (2) An assessment of the extent of the threat of foreign 
        influence in the National Industrial Security Program.
            (3) A description of the challenges in identifying foreign 
        influence.
            (4) A list of the criteria and factors that should be 
        considered to identify foreign influence requiring mitigation.
            (5) An identification of the methods, if any, currently 
        used to mitigate foreign influence.
            (6) An assessment of the effectiveness and limitations of 
        such mitigations, and recommendations for new mitigation 
        methods.
            (7) An assessment of whether processes to identify and 
        mitigate foreign influence are consistent across cognizant 
        security agencies.
            (8) An identification of the tools available to assist 
        entities identify and avoid foreign influence that would 
        require mitigation, and recommendations for tools needed.
    (c) Submission to Congress.--Not later than 1 year after the date 
of the enactment of this Act, the Director shall submit to the 
appropriate congressional committees the assessment completed under 
subsection (a).

SEC. 4. STRATEGY TO IDENTIFY AND MITIGATE FOREIGN INFLUENCE IN NATIONAL 
              INDUSTRIAL SECURITY PROGRAM.

    (a) In General.--Not later than 540 days after the date of the 
enactment of this Act, the Director, in consultation with the cognizant 
security agencies, shall submit to the appropriate committees of 
Congress a strategy, to be known as the ``National Strategy to Mitigate 
Foreign Influence in the National Industrial Security Program'', to 
improve the ability of the Federal Government and entities to identify 
and mitigate foreign influence.
    (b) Elements.--The strategy required by subsection (a) shall 
include the following:
            (1) Processes to identify foreign influence requiring 
        mitigation, including entity submission of standard forms and 
        government security reviews.
            (2) Methods to mitigate foreign influence.
            (3) Practices to ensure processes to identify foreign 
        influence and methods to mitigate foreign influence are 
        consistent across cognizant security agencies.
            (4) Tools, including best practices, to assist entities in 
        recognizing the risk of foreign influence and implementing 
        methods to mitigate foreign influence.
            (5) Proposed updates to parts 117 and 2004 of title 32, 
        Code of Federal Regulations.
            (6) Recommendations for legislation as the Director 
        considers appropriate.
    (c) Implementation.--
            (1) In general.--Not later than 90 days after the date on 
        which the strategy required under subsection (a) is submitted 
        to the appropriate committees of Congress, the Director, in 
        collaboration with the cognizant security agencies, shall 
        commence implementation of the strategy.
            (2) Report.--Not later than 1 year after the date on which 
        the Director commences implementation of the strategy required 
        by subsection (a) in accordance with paragraph (1), the 
        Director shall submit to the appropriate committees of Congress 
        a report describing the efforts of the cognizant security 
        agencies to implement the strategy and the progress of such 
        efforts.
                                 <all>