[Congressional Record Volume 169, Number 129 (Wednesday, July 26, 2023)]
[Senate]
[Page S3669]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

  SA 1059. Mr. SCOTT of Florida (for himself and Mr. Lujan) submitted 
an amendment intended to be proposed by him to the bill S. 2226, to 
authorize appropriations for fiscal year 2024 for military activities 
of the Department of Defense, for military construction, and for 
defense activities of the Department of Energy, to prescribe military 
personnel strengths for such fiscal year, and for other purposes; which 
was ordered to lie on the table; as follows:

       At the end of subtitle B of title VIII, add the following:

     SEC. 823. PROHIBITION ON THE PURCHASE OF COMMERCIAL OFF-THE-
                   SHELF INFORMATION TECHNOLOGY ITEMS INVOLVING 
                   ENTITIES OWNED OR CONTROLLED BY PEOPLE'S 
                   REPUBLIC OF CHINA.

       (a) In General.--Beginning 180 days after the date of the 
     enactment of this Act, the Secretary of Defense may not 
     acquire, purchase, lease, or enter into any contract or 
     agreement for the acquisition of computers, printers, 
     televisions, or cameras if the manufacturer is owned or 
     controlled, directly or indirectly, by the Government of the 
     People's Republic of China, as determined by the Secretary 
     under subsection (b).
       (b) List of Covered Manufacturers.--Not later than 180 days 
     after the date of the enactment of this Act, the Secretary of 
     Defense shall compile a list of manufacturers covered by the 
     prohibition under subsection (a). The list shall be updated 
     not less than annually.
       (c) Waiver.--
       (1) In general.--The Secretary of Defense may waive the 
     prohibition under subsection (a) for specific acquisitions in 
     exceptional circumstances.
       (2) Notification requirement.--Not later than 30 days after 
     exercising a waiver under paragraph (1), the Secretary shall 
     notify the congressional defense committees of the waiver. 
     The notification shall include--
       (A) a detailed justification and reasons for the waiver;
       (B) an assessment of the national security risks involved 
     and a description of the measures taken to mitigate them; and
       (C) a description of the specific entities or acquisitions 
     affected.
       (d) Establishment of Risk-based Approach.--The Secretary of 
     Defense shall--
       (1) establish controls to prevent the purchase of high-risk 
     commercial off-the-shelf information technology items with 
     known cybersecurity risks similar to the controls implemented 
     through the use of the national security systems-restricted 
     list; and
       (2) update the Department of Defense acquisition policy to 
     require organizations to review and evaluate cybersecurity 
     risks for high-risk commercial off-the-shelf items before 
     purchase, regardless of the purchase method.
                                 ______