Key Supply Chain Provisions in the Final FY 2025 National Defense Authorization Act
Published: January 15, 2025
Federal Market AnalysisContracting TrendsDEFENSENational Defense Authorization ActPolicy and Legislation
The final FY 2025 NDAA includes supply chain provisions that will both impact and interest defense contractors.
Congress traditionally uses annual National Defense Authorization Act (NDAA) to address include numerous technology, acquisitions and policy concerns, and the final fiscal year (FY) 2025 NDAA, which Congress passed in late December, sustains this tradition.
Recently, I wrote about the key cybersecurity provisions in the FY 2025 NDAA. This piece will focus on a related issue – the Department of Defense (DOD) supply chain assurance and risk management provisions in the FY 2025 NDAA.
Below are the most noteworthy supply chain-related provisions in the final bill that will either directly impact DOD contractors or could provide opportunities for collaboration as well as potential contracts.
- Measures to Increase Supply Chain Resiliency for Small Unmanned Aerial Systems (Sec. 162) – Requires the DOD to identify risks in the supply chain for small unmanned aerial systems (sUAS) and to increase the resiliency of the sUAS supply chain using parts supplied by domestic sources and from U.S. allies and partners. The section further directs the DOD to periodically fully disassemble a drone aircraft made by Da Jiang Innovations (DJI), or a similar commercially available sUAS manufactured in a covered foreign country (i.e. adversary), to categorize and assess the risk of each component for supply chain monitoring and visibility. Based on this analysis, the DOD is to develop a supply chain risk framework and a strategy to develop a secure and resilient domestic and allied supply chain of critical sUAS components.
- It is noteworthy that DJI (along with Autel Robotics) is also called out in Section 1709 of this NDAA, under provisions directing an appropriate national security agency to determine if any of their communications or video surveillance equipment or services pose an unacceptable risk to U.S. national security, with a view to potentially adding these products to the Federal Communications Commission’s list of covered communications equipment or services under section 2(a) of the Secure and Trusted Communications Networks Act. (Both companies are on the DOD’s January 7 list of Entities Identified as Chinese Military Companies Operating in the United States.)
- Domestic Nonavailability Determinations List (Sec. 848) – Directs DOD to develop and maintain a list of all domestic nonavailability determinations, which provide the basis for exceptions to the Berry Amendment mandate that DOD procure products (e.g. food, clothing, fabrics, metals, etc.) from domestic sources. This new provision requires DOD to share the list with Congress and develop a plan to share the list with industry as well.
- Contractor Supply Chain Illumination Incentives (Sec. 849) – Directs the DOD to develop and implement policies, procedures, and tools to incentivize each DOD contractor to assess and monitor their entire supply chain of goods and services they provide to the DOD to identify potential vulnerabilities and noncompliance risks.
- Creation of the Joint Federated Assurance Center (Sec. 922) – Establishes a Joint Federated Assurance Center within the Office of the Under Secretary of Defense for Research and Engineering to ensure that the software and hardware developed, acquired, maintained, and used by the DOD are free from intentional and unintentional vulnerability during development and deployment of assured, trustworthy defense systems. The center will provide DOD-wide hardware and software assurance knowledge management capabilities; develop and standardize policies, procedures, competencies, risk assessment methodologies, and independent validation and verification test capabilities; provide visibility on strategy, use cases, procurement, investment, and other relevant activities to aggregate DOD assurance tool purchases; develop guidance for contracts for application-specific integrated circuits designed by defense industrial base contractors; and other related hardware and software supply chain assurance and risk management activities.
The above provisions will drive DOD activities and policies around supply chain assurance, with direct impacts to defense contractors and suppliers going forward. Some may entail investments in related infrastructure and tools which DOD will use to manage supply chain risk, which may present opportunities for solutions and collaboration for industry. Others will require internal changes on the part of defense industrial base companies.
Underpinning these provisions is the ongoing theme that DOD will require from suppliers and service providers greater assurances and visibility into the supply chain that supports and empowers the department.