2023 NDAA Provides New Opportunities for Industry.

• Author: Barna, Stephanie

The 4400-page 2023 National Defense Authorization Act authorizes $858 billion in total defense spending and contains several provisions that will be of interest to companies across industries that do business with the U.S. government.

Here are some highlights.

Technology Investment: The NDAA contains more than $200 million for investments related to aircraft technology, electronic warfare and 5G technology development and almost $100 million for the Defense Advanced Research Projects Agency's quantum computing and artificial intelligence programs. The legislation also directs the secretary of defense to provide support for bio-industrial manufacturing facilities to conduct research and development to support national security and secure fragile supply chains.

Semiconductor Prohibition: Beginning five years after the date of enactment, the NDAA prohibits federal agencies from procuring, obtaining, or renewing contracts for any electronic parts, products or services that include "covered semiconductor products or services"--which are those "designed, produced, or provided" by specific Chinese companies: SMIC, CXMT, YMTC, or their subsidiaries. The law also requires the secretary to implement a quantifiable assurance capability for microelectronics security and to establish a government-industry-academia working group for information sharing and consultation on microelectronics research, development and manufacturing.

Cybersecurity: The NDAA authorizes an increase of $10 million to support cyber consortium seedling funding and an increase of $20 million for DARPA's enhanced non-kinetic/cyber modeling and simulation activities. The legislation also requires the Defense Department to perform several cybersecurity assessments, including: an assessment of the framework for the cybersecurity of the defense industrial base to determine if alternative or additional courses of action are necessary; and an assessment of the cybersecurity capabilities of commercial products and commercially available off-the-shelf items to ensure they are operationally effective, suitable, and survivable prior to their use on a network. Federal Risk and Authorization Management Program: The NDAA contains the FedRAMP Authorization Act, which codifies the program. This legislation creates a "presumption of adequacy" that cloud providers with authorization from one agency can use the authorization with other agencies. It also creates the Federal Secure Cloud Advisory...