Subject to subsection (b), the Secretary of Energy may—
(1) carry out a covered procurement action; and
(2) notwithstanding any other provision of law, limit, in whole or in part, the disclosure of information relating to the basis for carrying out a covered procurement action.
The Secretary may exercise the authority under subsection (a) only after—
(1) obtaining a risk assessment that demonstrates that there is a significant supply chain risk to a covered system;
making a determination in writing, in unclassified or classified form, that—
(A) the use of the authority under subsection (a) is necessary to protect national security by reducing supply chain risk;
(B) less restrictive measures are not reasonably available to reduce the supply chain risk; and
(C) in a case in which the Secretary plans to limit disclosure of information under subsection (a)(2), the risk to national security of the disclosure of the information outweighs the risk of not disclosing the information; and
submitting to the appropriate congressional committees, not later than seven days after the date on which the Secretary makes the determination under paragraph (2), a notice of such determination, in classified or unclassified form, that includes—
(A) the information required by section 3304(e)(2)(A) of title 41;
(B) a summary of the risk assessment required under paragraph (1); and
(C) a summary of the basis for the determination, including a discussion of less restrictive measures that were considered and why such measures were not reasonably available to reduce supply chain risk.
If the Secretary has exercised the authority under subsection (a), the Secretary shall—
(1) notify appropriate parties of the covered procurement action and the basis for the action only to the extent necessary to carry out the covered procurement action;
(2) notify other Federal agencies responsible for procurement that may be subject to the same or similar supply chain risk, in a manner and to the extent consistent with the requirements of national security; and
(3) ensure the confidentiality of any notifications under paragraph (1) or (2).
No action taken by the Secretary under the authority under subsection (a) shall be subject to review in any Federal court.
Not later than one year after the effective date specified in subsection (g)(1), and annually for four years thereafter, the Comptroller General of the United States shall—
review the authority provided under subsection (a), including—
(A) the adequacy of resources, such as trained personnel, to effectively exercise that authority during the four-year period beginning on that effective date; and
(B) the sufficiency of determinations under subsection (b)(2);
(2) review the thoroughness of the process and systems utilized by the Office of the Chief Information Officer and the Office of Intelligence and Counterintelligence of the Department of Energy to reasonably detect supply chain threats to the national security functions of the Department; and
submit to the appropriate congressional committees a report that includes—
(A) the results of the reviews conducted under paragraphs (1) and (2);
(B) any recommendations of the Comptroller General for improving the process and systems described in paragraph (2); and
(C) a description of the status of the implementation of recommendations, if any, with respect to that process and such systems made by the Comptroller General in previous years.
In this section:
The term “appropriate congressional committees” means—
(A) the congressional defense committees; and
(B) the Committee on Energy and Natural Resources of the Senate and the Committee on Energy and Commerce of the House of Representatives.
The term “covered item of supply” means an item—
(A) that is purchased for inclusion in a covered system; and
(B) the loss of integrity of which could result in a supply chain risk for a covered system.
The term “covered procurement” means the following:
(A) A source selection for a covered system or a covered item of supply involving either a performance specification, as described in subsection (a)(3)(B) of section 3306 of title 41, or an evaluation factor, as described in subsection (b)(1) of such section, relating to supply chain risk.
(B) The consideration of proposals for and issuance of a task or delivery order for a covered system or a covered item of supply, as provided in section 4106(d)(3) of title 41, where the task or delivery order contract concerned includes a contract clause establishing a requirement relating to supply chain risk.
(C) Any contract action involving a contract for a covered system or a covered item of supply if the contract includes a clause establishing requirements relating to supply chain risk.
The term “covered procurement action” means, with respect to an action that occurs in the course of conducting a covered procurement, any of the following:
(A) The exclusion of a source that fails to meet qualification requirements established pursuant to section 3311 of title 41 for the purpose of reducing supply chain risk in the acquisition of covered systems.
(B) The exclusion of a source that fails to achieve an acceptable rating with regard to an evaluation factor providing for the consideration of supply chain risk in the evaluation of proposals for the award of a contract or the issuance of a task or delivery order.
(C) The withholding of consent for a contractor to subcontract with a particular source or the direction to a contractor for a covered system to exclude a particular source from consideration for a subcontract under the contract.
The term “covered system” means the following:
(A) National security systems (as defined in section 3552(b) of title 44) and components of such systems.
(B) Nuclear weapons and components of nuclear weapons.
(C) Items associated with the design, development, production, and maintenance of nuclear weapons or components of nuclear weapons.
(D) Items associated with the surveillance of the nuclear weapon stockpile.
(E) Items associated with the design and development of nonproliferation and counterproliferation programs and systems.
(6) Supply chain risk The term “supply chain risk” means the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered system or covered item of supply so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of the system or item of supply.
The authority under this section shall terminate on June 30, 2023.
(Pub. L. 107–314, div. D, title XLVIII, § 4806, as added Pub. L. 113–66, div. C, title XXXI, § 3113(a), Dec. 26, 2013, 127 Stat. 1053; amended Pub. L. 113–291, div. C, title XXXI, § 3142(s), Dec. 19, 2014, 128 Stat. 3901; Pub. L. 115–232, div. C, title XXXI, § 3117, Aug. 13, 2018, 132 Stat. 2292.)
