10
(17) Transaction.—The term “transaction” means any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology product or service, including ongoing activities such as managed services, data transmission, software updates, repairs, or the provision of data hosting services, or a class of such transactions.
(a) In General.—The Secretary, in consultation with the relevant executive department and agency heads, is authorized to and shall take action to identify, deter, disrupt, prevent, prohibit, investigate, or otherwise mitigate, including by negotiating, entering into, or imposing, and enforcing any mitigation measure to address any risk arising from any covered transaction by any person, or with respect to any property, subject to the jurisdiction of the United States that the Secretary determines—
(1) poses an undue or unacceptable risk of—
