Page:United States Statutes at Large Volume 124.djvu/4286

124 STAT. 4260 PUBLIC LAW 111–383—JAN. 7, 2011 ‘‘(A) a description of the business case analysis (if any) that has been prepared for the program and key functional requirements for the program; ‘‘(B) a description of the analysis of alternatives con- ducted with regard to the program; ‘‘(C) an assessment of the extent to which the program, or portions of the program, have technical requirements of sufficient clarity that the program, or portions of the program, may be feasibly procured under firm, fixed-price contracts; ‘‘(D) the most recent independent cost estimate or cost analysis for the program provided by the Director of Cost Assessment and Program Evaluation in accordance with section 2334(a)(6) of this title; ‘‘(E) a certification by a Department of Defense acquisi- tion official with responsibility for the program that all technical and business requirements have been reviewed and validated to ensure alignment with the business case; and ‘‘(F) an explanation of the basis for the certification described in subparagraph (E). ‘‘(6) For each major automated information system program for which the information required under paragraph (5) has been provided in a previous annual report, a summary of any significant changes to the information previously provided.’’. SEC. 806. REQUIREMENTS FOR INFORMATION RELATING TO SUPPLY CHAIN RISK. (a) AUTHORITY.—Subject to subsection (b), the head of a covered agency may— (1) carry out a covered procurement action; and (2) limit, notwithstanding any other provision of law, in whole or in part, the disclosure of information relating to the basis for carrying out a covered procurement action. (b) DETERMINATION AND NOTIFICATION.—The head of a covered agency may exercise the authority provided in subsection (a) only after— (1) obtaining a joint recommendation by the Under Sec- retary of Defense for Acquisition, Technology, and Logistics and the Chief Information Officer of the Department of Defense, on the basis of a risk assessment by the Under Secretary of Defense for Intelligence, that there is a significant supply chain risk to a covered system; (2) making a determination in writing, in unclassified or classified form, with the concurrence of the Under Secretary of Defense for Acquisition, Technology, and Logistics, that— (A) use of the authority in subsection (a)(1) is necessary to protect national security by reducing supply chain risk; (B) less intrusive measures are not reasonably avail- able to reduce such supply chain risk; and (C) in a case where the head of the covered agency plans to limit disclosure of information under subsection (a)(2), the risk to national security due to the disclosure of such information outweighs the risk due to not disclosing such information; and 10 USC 2304 note.