[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 2289 Introduced in Senate (IS)]
<DOC>
118th CONGRESS
1st Session
S. 2289
To direct the Director of the Information Security Oversight Office to
assess foreign influence in the National Industrial Security Program
and to develop a single, integrated strategy to better identify and
mitigate such foreign influence, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
July 13, 2023
Mr. Peters (for himself and Mr. Grassley) introduced the following
bill; which was read twice and referred to the Committee on Homeland
Security and Governmental Affairs
_______________________________________________________________________
A BILL
To direct the Director of the Information Security Oversight Office to
assess foreign influence in the National Industrial Security Program
and to develop a single, integrated strategy to better identify and
mitigate such foreign influence, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Mitigating Foreign Influence in
Classified Government Contracts''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Appropriate committees of congress.--The term
``appropriate committees of Congress'' means--
(A) the Committee on Homeland Security and
Governmental Affairs, the Committee on Armed Services,
and the Select Committee on Intelligence of the Senate;
and
(B) the Committee on Oversight and Accountability,
the Committee on Armed Services, and the Permanent
Select Committee on Intelligence of the House of
Representatives.
(2) Cognizant security agencies; entity; foreign
interest.-- The terms ``cognizant security agencies'',
``entity'', and ``foreign interest'' have the meanings given
those term in section 2004.4 of title 32, Code of Federal
Regulations.
(3) Director.--The term ``Director'' means the Director of
the Information Security Oversight Office.
(4) NISPPAC.--The term ``NISPPAC'' means the National
Industrial Security Program Policy Advisory Committee
established by Executive Order 12829 (50 U.S.C. 3161 note;
relating to national industrial security program).
SEC. 3. ASSESSMENT OF FOREIGN INFLUENCE IN NATIONAL INDUSTRIAL SECURITY
PROGRAM.
(a) In General.--The Director shall convene and direct NISPPAC to
complete and submit, not later than 1 year after the date of the
enactment of this Act, to the Director an assessment of foreign
influence in the National Industrial Security Program.
(b) Elements.--The assessment required by subsection (a) shall
include the following:
(1) A definition of foreign influence that focuses on
contractual agreements or other non-ownership means that may
allow foreign interests unauthorized access to classified
information or to adversely affect performance of a contract or
agreement requiring access to classified information.
(2) An assessment of the extent of the threat of foreign
influence in the National Industrial Security Program.
(3) A description of the challenges in identifying foreign
influence.
(4) A list of the criteria and factors that should be
considered to identify foreign influence requiring mitigation.
(5) An identification of the methods, if any, currently
used to mitigate foreign influence.
(6) An assessment of the effectiveness and limitations of
such mitigations, and recommendations for new mitigation
methods.
(7) An assessment of whether processes to identify and
mitigate foreign influence are consistent across cognizant
security agencies.
(8) An identification of the tools available to assist
entities identify and avoid foreign influence that would
require mitigation, and recommendations for tools needed.
(c) Submission to Congress.--Not later than 1 year after the date
of the enactment of this Act, the Director shall submit to the
appropriate congressional committees the assessment completed under
subsection (a).
SEC. 4. STRATEGY TO IDENTIFY AND MITIGATE FOREIGN INFLUENCE IN NATIONAL
INDUSTRIAL SECURITY PROGRAM.
(a) In General.--Not later than 540 days after the date of the
enactment of this Act, the Director, in consultation with the cognizant
security agencies, shall submit to the appropriate committees of
Congress a strategy, to be known as the ``National Strategy to Mitigate
Foreign Influence in the National Industrial Security Program'', to
improve the ability of the Federal Government and entities to identify
and mitigate foreign influence.
(b) Elements.--The strategy required by subsection (a) shall
include the following:
(1) Processes to identify foreign influence requiring
mitigation, including entity submission of standard forms and
government security reviews.
(2) Methods to mitigate foreign influence.
(3) Practices to ensure processes to identify foreign
influence and methods to mitigate foreign influence are
consistent across cognizant security agencies.
(4) Tools, including best practices, to assist entities in
recognizing the risk of foreign influence and implementing
methods to mitigate foreign influence.
(5) Proposed updates to parts 117 and 2004 of title 32,
Code of Federal Regulations.
(6) Recommendations for legislation as the Director
considers appropriate.
(c) Implementation.--
(1) In general.--Not later than 90 days after the date on
which the strategy required under subsection (a) is submitted
to the appropriate committees of Congress, the Director, in
collaboration with the cognizant security agencies, shall
commence implementation of the strategy.
(2) Report.--Not later than 1 year after the date on which
the Director commences implementation of the strategy required
by subsection (a) in accordance with paragraph (1), the
Director shall submit to the appropriate committees of Congress
a report describing the efforts of the cognizant security
agencies to implement the strategy and the progress of such
efforts.
<all>