U.S. CODE
Rulings
AD/CVD
Notices
HTSUS
U.S. Code
Regs
More
Ports
About
Updates
Apps
Larger font
Smaller font
CustomsMobile Pro
beta now open!
Apply for a FREE beta account. Spaces are limited so apply today.
SIGNUP FOR BETA
SEARCH
Toggle Dropdown
Search US Code
Search Leg. Notes
Sort by Rank
Titles Ascending
Titles Descending
10 per page
25 Result/page
50 Result/page
U.S Code last checked for updates: Nov 22, 2024
All Titles
Title 50
Chapter 44
Subchapter III
§ 3098. Annual personnel level a...
§ 3100. Intelligence community b...
§ 3098. Annual personnel level a...
§ 3100. Intelligence community b...
U.S. Code
Notes
§ 3099.
Vulnerability assessments of major systems
(a)
Initial vulnerability assessments
(1)
(A)
Except as provided in subparagraph (B), the Director of National Intelligence shall conduct and submit to the congressional intelligence committees an initial vulnerability assessment for each major system and its significant items of supply—
(i)
except as provided in clause (ii), prior to the completion of Milestone B or an equivalent acquisition decision for the major system; or
(ii)
prior to the date that is 1 year after
October 7, 2010
, in the case of a major system for which Milestone B or an equivalent acquisition decision—
(I)
was completed prior to such date; or
(II)
is completed on a date during the 180-day period following such date.
(B)
The Director may submit to the congressional intelligence committees an initial vulnerability assessment required by clause (ii) of subparagraph (A) not later than 180 days after the date such assessment is required to be submitted under such clause if the Director notifies the congressional intelligence committees of the extension of the submission date under this subparagraph and provides a justification for such extension.
(C)
The initial vulnerability assessment of a major system and its significant items of supply shall include use of an analysis-based approach to—
(i)
identify vulnerabilities;
(ii)
define exploitation potential;
(iii)
examine the system’s potential effectiveness;
(iv)
determine overall vulnerability; and
(v)
make recommendations for risk reduction.
(2)
If an initial vulnerability assessment for a major system is not submitted to the congressional intelligence committees as required by paragraph (1), funds appropriated for the acquisition of the major system may not be obligated for a major contract related to the major system. Such prohibition on the obligation of funds for the acquisition of the major system shall cease to apply on the date on which the congressional intelligence committees receive the initial vulnerability assessment.
(b)
Subsequent vulnerability assessments
(1)
The Director of National Intelligence shall, periodically throughout the procurement of a major system or if the Director determines that a change in circumstances warrants the issuance of a subsequent vulnerability assessment, conduct a subsequent vulnerability assessment of each major system and its significant items of supply within the National Intelligence Program.
(2)
Upon the request of a congressional intelligence committee, the Director of National Intelligence may, if appropriate, recertify the previous vulnerability assessment or may conduct a subsequent vulnerability assessment of a particular major system and its significant items of supply within the National Intelligence Program.
(3)
Any subsequent vulnerability assessment of a major system and its significant items of supply shall include use of an analysis-based approach and, if applicable, a testing-based approach, to monitor the exploitation potential of such system and reexamine the factors described in clauses (i) through (v) of subsection (a)(1)(C).
(c)
Major system management
(d)
Congressional oversight
(1)
The Director of National Intelligence shall provide to the congressional intelligence committees a copy of each vulnerability assessment conducted under subsection (a) or (b) not later than 10 days after the date of the completion of such assessment.
(2)
The Director of National Intelligence shall provide the congressional intelligence committees with a proposed schedule for subsequent periodic vulnerability assessments of a major system under subsection (b)(1) when providing such committees with the initial vulnerability assessment under subsection (a) of such system as required by paragraph (1).
(e)
Definitions
In this section:
(1)
The term “item of supply” has the meaning given that term in section 4(10)
1
1
See References in Text note below.
of the Office of Federal Procurement Policy Act (
41 U.S.C. 403
(10)).
(2)
The term “major contract” means each of the 6 largest prime, associate, or Government-furnished equipment contracts under a major system that is in excess of $40,000,000 and that is not a firm, fixed price contract.
(3)
The term “major system” has the meaning given that term in
section 3097(e) of this title
.
(4)
The term “Milestone B” means a decision to enter into major system development and demonstration pursuant to guidance prescribed by the Director of National Intelligence.
(5)
The term “vulnerability assessment” means the process of identifying and quantifying vulnerabilities in a major system and its significant items of supply.
(
July 26, 1947, ch. 343
, title V, § 506C, as added
Pub. L. 111–259, title III, § 321(a)(1)
,
Oct. 7, 2010
,
124 Stat. 2667
.)
cite as:
50 USC 3099
.list_box li,p,.cm-search-info,.cm-search-detail,.abt span,.expand-collapse_top
Get the CustomsMobile app!