12 2 STA T .4 4 03PUBLIC LA W 110 – 41 7—O CT. 14 , 200 8(A)forman a gi ng ri sk— (i) in the s up p lyc hain of electronics an d informa - tion processing systems for co v ered ac q uisition pro- grams
and (ii) in the procurement of semiconductors; and ( B ) that ensures dependa b le , continuous, long-term access and trust for all mission-critical semiconductors pro- cured from both foreign and domestic sources . ( 2 ) REQUIR E M E NTS .—At a minimum, the strategy shall— (A) address the vulnerabilities identified by the assess- ment under subsection (a); (B) reflect the priorities identified by such assessment; ( C ) provide guidance for the planning, programming, budgeting, and e x ecution process in order to ensure that covered acquisition programs have the necessary resources to implement all appropriate elements of the strategy; ( D ) promote the use of verification tools, as appropriate, for ensuring trust of commercially acquired systems; ( E ) increase use of trusted foundry services, as appro- priate; and ( F ) ensure sufficient oversight in implementation of the plan. (d) POL I C IES A N D ACTIONS F OR ASSURIN GT RUST IN I NTEGRATED CIRCUITS.— N ot later than 180 days after the date of the enactment of this Act, the S ecretary of Defense shall— (1) develop policy requiring that trust assurance be a high priority for covered acquisition programs in all phases of the electronic component supply chain and integrated circuit development and production process, including design and design tools, fabrication of the semiconductors, packaging, final assembly, and test; (2) develop policy requiring that programs w hose electronics and information systems are determined to be vital to oper- ational readiness or mission effectiveness are to employ trusted foundry services to fabricate their custom designed integrated circuits, unless the Secretary specifically authori z es otherwise; ( 3 ) incorporate the strategies and policies of the Depart- ment of Defense regarding development and use of trusted integrated circuits into all relevant Department directives and instructions related to the acquisition of integrated circuits and programs that use such circuits; and ( 4 ) take actions to promote the use and development of tools that verify the trust in all phases of the integrated circuit development and production process of mission-critical parts acquired from non-trusted sources. (e) SU B MISSION TO CONGRESS.—Not later than 12 months after the date of the enactment of this Act, the Secretary of Defense shall submit to the congressional defense committees— (1) the assessments required by subsections (a) and (b); (2) the strategy required by subsection (c); and (3) a description of the policies developed and actions taken under subsection (d). (f) DEFINITIONS.—In this section
(1) The term ‘ ‘covered acquisition programs ’ ’ means an acquisition program of the Department of Defense that is a ma j or system for purposes of section 2302( 5 ) of title 10, U nited States Code. Deadlin e . Deadline.
�
