The NSA has has published criteria for evaluating levels of assurance required for DoD microelectronics.
DoD Microelectronics: Levels of Assurance Definitions and Applications.
Author(s)
National Security Agency
Cybersecurity Directorate
Joint Federated Assurance Center
Very good point.
I don't know the details. But at first glance this indeed looks like it sets up "Wack-a-Mole."