Voglio sapere a riguardo di…

jbell on DSKJLSW7X2PROD with RULES

47590

Federal Register / Vol. 86, No. 163 / Thursday, August 26, 2021 / Rules and Regulations
1 For classified information, the transmitting agency shall ensure that information is provided to designated ISA personnel who have an appropriate security clearance and a need to know the information. The ISA, Task Force, and the FASC will handle such information consistent with the applicable restrictions and the relevant processes and procedures adopted pursuant to 2011.200.
2 With respect to controlled unclassified or otherwise protected unclassified information, the transmitting agency, the FASC, the ISA, and the Task Force will handle the information in a manner consistent with the markings applied to the information and the relevant processes and procedures adopted pursuant to 201
1.200.
e Information protections submissions by non-Federal entities.
Information voluntarily submitted to the FASC by a non-Federal entity shall be subject to the following provisions:
1 Supply chain risk information not otherwise publicly or commercially available that is voluntarily submitted to the FASC by non-Federal entities and marked Confidential and Not to Be Publicly Disclosed will not be released to the public, including pursuant to a request under 5 U.S.C. 552, except to the extent required by law.
2 Notwithstanding paragraph e1
of this section, the FASC may, to the extent permitted by law, and subject to appropriate handling and confidentiality requirements as determined by the FASC, disclose the supply chain risk information referenced in paragraph e1 in the following circumstances:
i Pursuant to any administrative or judicial proceeding;
ii Pursuant to a request from any duly authorized committee or subcommittee of Congress;
iii Pursuant to a request from any domestic governmental entity or any foreign governmental entity of a United States ally or partner, but only to the extent necessary for national security purposes;
iv Where the non-Federal entity that submitted the information has consented to disclosure; or v For any other purpose authorized by law.
3 This paragraph e shall continue to apply to supply chain risk information referenced in paragraph e1 even after the FASC issues a recommendation for exclusion or removal pursuant to 41 U.S.C. 1323.
f Dissemination of information by the FASC. The FASC may, in its sole discretion, disclose its
VerDate Sep<11>2014

16:08 Aug 25, 2021

Jkt 253001

recommendations and any supply chain risk information relevant to those recommendations to Federal or nonFederal entities if the FASC determines that such sharing may facilitate identification or mitigation of supply chain risk, and disclosure is consistent with the following paragraphs:
1 The FASC may maintain its recommendations and any supply chain risk information as nonpublic, to the extent permitted by law, or release such information to impacted entities and appropriate stakeholders. The FASC
shall have discretion to determine the circumstances under which information will be released, as well as the timing of any such release, the scope of the information to be released, and the recipients to whom information will be released.
2 Any release by the FASC of recommendations or supply chain risk information will be in accordance title 41 U.S.C. 1323 and the provisions of this subpart.
3 The FASC will not release a recommendation to a non-Federal entity, other than a source named in the recommendation, unless an exclusion or removal order has been issued based on that recommendation, and the named source has been notified.
4 The FASC including the ISA, Task Force, and any other FASC
constituent bodies shall comply with applicable limitations on dissemination of supply chain risk information submitted pursuant to this subpart, including but not limited to the following restrictions:
i Controlled Unclassified Information, such as Law Enforcement Sensitive, Proprietary, Privileged, or Personally Identifiable Information, may only be disseminated in compliance with the restrictions applicable to the information and in accordance with the FASCs processes and procedures for disseminating controlled unclassified information as required by this part.
ii Classified Information may only be disseminated consistent with the restrictions applicable to the information and in accordance with the FASCs processes and procedures for disseminating classified information as required by this part.
Subpart CExclusion and Removal Orders 2011.300 Evaluation of sources and covered articles.

a Referral procedure. The FASC may commence an evaluation of a source or covered article in any of the following ways:

PO 00000

Frm 00050

Fmt 4700

Sfmt 4700

1 Upon the referral of the FASC or any member of the FASC;
2 Upon the request, in writing, of the head of an executive agency or a designee, accompanied by a submission of relevant information; or 3 Based on information submitted to the FASC by any Federal or non-Federal entity that the FASC deems, in its discretion, to be credible.
b Relevant factors. In evaluating sources and covered articles, the FASC
will analyze available information and consider, as appropriate, any relevant factors contained in the following nonexclusive list:
1 Functionality and features of the covered article, including the covered articles or sources access to data and information system privileges;
2 The user environment in which the covered article is used or installed;
3 Security, authenticity, and integrity of covered articles and associated supply and compilation chains, including for embedded, integrated, and bundled software;
4 The ability of the source to produce and deliver covered articles as expected;
5 Ownership of, control of, or influence over the source or covered articles by a foreign government or parties owned or controlled by a foreign government, or other ties between the source and a foreign government, which may include the following considerations:
i Whether a Federal agency has identified the country as a foreign adversary or country of special concern;
ii Whether the source or its component suppliers have headquarters, research, development, manufacturing, testing, packaging, distribution, or service facilities or other operations in a foreign country, including a country of special concern or a foreign adversary;
iii Personal and professional ties between the sourceincluding its officers, directors or similar officials, employees, consultants, or contractors and any foreign government; and iv Laws and regulations of any foreign country in which the source has headquarters, research development, manufacturing, testing, packaging, distribution, or service facilities or other operations.
6 Implications for government missions or assets, national security, homeland security, or critical functions associated with use of the source or covered article;
7 Potential or existing threats to or vulnerabilities of Federal systems, programs or facilities, including the potential for exploitability;

E:FRFM26AUR1.SGM

26AUR1