(1) A vulnerability and threat assessment of elements of the defense and supporting nondefense information infrastructures that are essential to the operations of the Department and the armed forces.

(2) Development of essential information assurances technologies and programs.

(3) Organization of the Department, the armed forces, and supporting activities to defend against information warfare.

(4) Joint activities of the Department with other departments and agencies of the Government, State and local agencies, and elements of the national information infrastructure. (5) The conduct of exercises, war games, simulations, experiments, and other activities designed to prepare the Department to respond to information warfare threats.

(6) Development of proposed legislation that the Secretary considers necessary for implementing the program or for otherwise responding to the information warfare threat.

(d) COORDINATION.-In carrying out the program, the Secretary shall coordinate, as appropriate, with the head of any relevant Federal agency and with representatives of those national critical information infrastructure systems that are essential to the operations of the Department and the armed forces on information assurance measures_necessary to the protection of these systems.

(e) ANNUAL REPORT.-Each year, at or about the time the President submits the annual budget for the next fiscal year pursuant to section 1105 of title 31, the Secretary shall submit to Congress a report on the Defense Information Assurance Program. Each report shall include the following:

(1) Progress in achieving the objectives of the program.

(2) A summary of the program strategy and any changes in that strategy.

(3) A description of the information assurance activities of the Office of the Secretary of Defense, Joint Staff, unified and specified commands, Defense Agencies, military departments, and other supporting activities of the Department of Defense.

(4) Program and budget requirements for the program for the past fiscal year, current fiscal year, budget year, and each succeeding fiscal year in the remainder of the current futureyears defense program.

(5) An identification of critical deficiencies and shortfalls in the program.

(6) Legislative proposals that would enhance the capability of the Department to execute the program.

(7) A summary of the actions taken in the administration of sections 3534 and 3535 of title 44 within the Department of Defense.

(f) INFORMATION ASSURANCE TEST BED.-The Secretary shall develop an information assurance test bed within the Department of Defense to provide

(1) an integrated organization structure to plan and facilitate the conduct of simulations, war games, exercises, experiments, and other activities to prepare and inform the Department regarding information warfare threats; and

(2) organization and planning means for the conduct by the Department of the integrated or joint exercises and experi

ments with elements of the national information systems infrastructure and other non-Department of Defense organizations that are responsible for the oversight and management of critical information systems and infrastructures on which the Department, the armed forces, and supporting activities depend for the conduct of daily operations and operations during crisis. (Added P.L. 106-65, § 1043(a), Oct. 5, 1999, 113 Stat. 760; amended P.L. 106-398, § 1[1063], Oct. 30, 2000, 114 Stat. 1654, 1654A-274; P.L. 107-296, §1001(c)(1)(B), Nov. 25, 2002, 116 Stat. 2267.)

§ 2224a. Information security: continued applicability of expiring Governmentwide requirements to the Department of Defense

(a) IN GENERAL.-The provisions of subchapter II of chapter 35 of title 44 shall continue to apply through September 30, 2004, with respect to the Department of Defense, notwithstanding the expiration of authority under section 3536 of such title.

(b) RESPONSIBILITIES.—In administering the provisions of subchapter II of chapter 35 of title 44 with respect to the Department of Defense after the expiration of authority under section 3536 of such title, the Secretary of Defense shall perform the duties set forth in that subchapter for the Director of the Office of Management and Budget.

(Added P.L. 107-314, § 1052(b)(1), Dec. 2, 2002, 116 Stat. 2648.)

§ 2225. Information technology purchases: tracking and management

(a) COLLECTION OF DATA REQUIRED.-To improve tracking and management of information technology products and services by the Department of Defense, the Secretary of Defense shall provide for the collection of the data described in subsection (b) for each purchase of such products or services made by a military department or Defense Agency in excess of the simplified acquisition threshold, regardless of whether such a purchase is made in the form of a contract, task order, delivery order, military interdepartmental purchase request, or any other form of interagency agree

ment.

(b) DATA TO BE COLLECTED.-The data required to be collected under subsection (a) includes the following:

(1) The products or services purchased.

(2) Whether the products or services are categorized as commercially available off-the-shelf items, other commercial items, nondevelopmental items other than commercial items, other noncommercial items, or services.

(3) The total dollar amount of the purchase.

(4) The form of contracting action used to make the purchase.

(5) In the case of a purchase made through an agency other than the Department of Defense

(A) the agency through which the purchase is made; and

(B) the reasons for making the purchase through that agency.

(6) The type of pricing used to make the purchase (whether fixed price or another type of pricing).

(7) The extent of competition provided in making the purchase.

(8) A statement regarding whether the purchase was made from

(A) a small business concern;

(B) a small business concern owned and controlled by socially and economically disadvantaged individuals; or

(C) a small business concern owned and controlled by

women.

(9) A statement regarding whether the purchase was made in compliance with the planning requirements under sections 5122 and 5123 of the Clinger-Cohen Act of 1996 (40 U.S.C. 1422, 1423).

(c) RESPONSIBILITY TO ENSURE FAIRNESS OF CERTAIN PRICES.The head of each contracting activity in the Department of Defense shall have responsibility for ensuring the fairness and reasonableness of unit prices paid by the contracting activity for information technology products and services that are frequently purchased commercially available off-the-shelf items.

(d) LIMITATION ON CERTAIN PURCHASES.-No purchase of information technology products or services in excess of the simplified acquisition threshold shall be made for the Department of Defense from a Federal agency outside the Department of Defense unless— (1) the purchase data is collected in accordance with subsection (a); or

(2)(A) in the case of a purchase by a Defense Agency, the purchase is approved by the Under Secretary of Defense for Acquisition, Technology, and Logistics; or

(B) in the case of a purchase by a military department, the purchase is approved by the senior procurement executive of the military department.

(e) ANNUAL REPORT.-Not later than March 15 of each year, the Secretary of Defense shall submit to the Committees on Armed Services of the Senate and the House of Representatives a report containing a summary of the data collected in accordance with subsection (a).

(f) DEFINITIONS.-In this section:

(1) The term "senior procurement executive", with respect to a military department, means the official designated as the senior procurement executive for the military department for the purposes of section 16(3) of the Office of Federal Procurement Policy Act (41 U.S.C. 414(3)).

(2) The term "simplified acquisition threshold" has the meaning given the term in section 4(11) of the Office of Federal Procurement Policy Act (41 U.S.C. 403(11)).

(3) The term "small business concern" means a business concern that meets the applicable size standards prescribed pursuant to section 3(a) of the Small Business Act (15 U.S.C. 632(a)).

(4) The term "small business concern owned and controlled by socially and economically disadvantaged individuals" has the meaning given that term in section 8(d)(3)(C) of the Small Business Act (15 U.S.C. 637(d)(3)(C)).

(5) The term "small business concern owned and controlled by women" has the meaning given that term in section 8(d)(3)(D) of the Small Business Act (15 U.S.C. 637(d)(3)(D)). (Added P.L. 106-398, § 1[812(a)(1)], Oct. 30, 2000, 114 Stat. 1654, 1654A-212.)

§ 2226. Contracted property and services: prompt payment of vouchers 5

(a) REQUIREMENT.-Of the contract vouchers that are received by the Defense Finance and Accounting Service by means of the mechanization of contract administration services system, the number of such vouchers that remain unpaid for more than 30 days as of the last day of each month may not exceed 5 percent of the total number of the contract vouchers so received that remain unpaid on that day.

(b) CONTRACT VOUCHER DEFINED.-In this section, the term "contract voucher" means a voucher or invoice for the payment to a contractor for services, commercial items (as defined in section 4(12) of the Office of Federal Procurement Policy Act (41 U.S.C. 403(12))), or other deliverable_items provided by the contractor under a contract funded by the Department of Defense. (Added P.L. 106-398, § 1[1006(a)(1)], Oct. 30, 2000, 114 Stat. 1654, 1654A-247.)

§ 2227. Electronic submission and processing of claims for contract payments

(a) SUBMISSION OF CLAIMS.-The Secretary of Defense shall require that any claim for payment under a Department of Defense contract shall be submitted to the Department of Defense in electronic form.

(b) PROCESSING.-A contracting officer, contract administrator, certifying official, or other officer or employee of the Department of Defense who receives a claim for payment in electronic form in accordance with subsection (a) and is required to transmit the claim to any other officer or employee of the Department of Defense for processing under procedures of the department shall transmit the

5 Section 1006(c) of the Floyd D. Spence National Defense Authorization Act for Fiscal Year 2001 (as enacted by P.L. 106–398; 114 Stat. 1654, 1654A-248) provides:

(c) CONDITIONAL REQUIREMENT FOR REPORT. (1) If for any month of the noncompliance reporting period the requirement in section 2226 of title 10, United States Code (as added by subsection (a)), is not met, the Secretary of Defense shall submit to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives a report on the magnitude of the unpaid contract vouchers. The report for a month shall be submitted not later than 30 days after the end of that month.

(2) A report for a month under paragraph (1) shall include information current as of the last day of the month as follows:

(A) The number of the vouchers received by the Defense Finance and Accounting Service by means of the mechanization of contract administration services system during each month.

(B) The number of the vouchers so received, whenever received by the Defense Finance and Accounting Service, that remain unpaid for each of the following periods:

(i) Over 30 days and not more than 60 days.

(ii) Over 60 days and not more than 90 days.

(iii) More than 90 days.

(C) The number of the vouchers so received that remain unpaid for the major categories of procurements, as defined by the Secretary of Defense.

(D) The corrective actions that are necessary, and those that are being taken, to ensure compliance with the requirement in subsection (a).

(3) For purposes of this subsection:

(A) The term "noncompliance reporting period" means the period beginning on December 1, 2000, and ending on November 30, 2004.

(B) The term "contract voucher" has the meaning given that term in section 2226(b) of title 10, United States Code (as added by subsection (a)).

claim and any additional documentation necessary to support the determination and payment of the claim to such other officer or employee electronically.

(c) WAIVER AUTHORITY.-If the Secretary of Defense determines that the requirement for using electronic means for submitting claims under subsection (a), or for transmitting claims and supporting documentation under subsection (b), is unduly burdensome in any category of cases, the Secretary may exempt the cases in that category from the application of the requirement.

(d) IMPLEMENTATION OF REQUIREMENTS.-In implementing subsections (a) and (b), the Secretary of Defense shall provide for the following:

(1) Policies, requirements, and procedures for using electronic means for the submission of claims for payment to the Department of Defense and for the transmission, between Department of Defense officials, of claims for payment received in electronic form, together with supporting documentation (such as receiving reports, contracts and contract modifications, and required certifications).

(2) The format in which information can be accepted by the corporate database of the Defense Finance and Accounting Service.

(3) The requirements to be included in contracts regarding the electronic submission of claims for payment by contractors. (e) CLAIM FOR PAYMENT DEFINED.-In this section, the term "claim for payment" means an invoice or any other demand or request for payment.

(Added P.L. 106-398, § 1[1008(a)(1)], Oct. 30, 2000, 114 Stat. 1654, 1654A-249.)

§ 2228. Military equipment and infrastructure: prevention and mitigation of corrosion

(a) DESIGNATION OF RESPONSIBLE OFFICIAL OR ORGANIZATION. The Secretary of Defense shall designate an officer or employee of the Department of Defense, or a standing board or committee of the Department of Defense, as the senior official or organization responsible in the Department to the Secretary of Defense (after the Under Secretary of Defense for Acquisition, Technology, and Logistics) for the prevention and mitigation of corrosion of the military equipment and infrastructure of the Department.

(b) DUTIES. (1) The official or organization designated under subsection (a) shall oversee and coordinate efforts throughout the Department of Defense to prevent and mitigate corrosion of the military equipment and infrastructure of the Department. The duties under this paragraph shall include the duties specified in paragraphs (2) through (5).

(2) The designated official or organization shall develop and recommend any policy guidance on the prevention and mitigation of corrosion to be issued by the Secretary of Defense.

(3) The designated official or organization shall review the programs and funding levels proposed by the Secretary of each military department during the annual internal Department of Defense budget review process as those programs and funding proposals relate to programs and funding for the prevention and mitigation of corrosion and shall submit to the Secretary of Defense rec