(f) The following DOT provisions and clauses are authorized for use in acquisitions of commercial products or commercial services when required by the individual provision or clause prescription:
- (1) 1252.201-70, Contracting Officer's Representative.
- (2) 1252.204-70, Contractor Personnel Security and Agency Access.
- (3) 1252.209-70, Organizational and Consultant Conflicts of Interest.
- (4) 1252.209-71, Limitation of Future Contracting.
- (5) 1252.211-70, Index for Specifications.
- (6) 1252.216-70, Evaluation of Offers Subject to an Economic Price Adjustment Clause.
- (7) 1252.216-71, Determination of Award Fee.
- (8) 1252.216-72, Award Fee Plan.
- (9) 1252.216-73, Distribution of Award Fee.
- (10) 1252.216-74, Settlement of Letter Contract.
- (11) 1252.222-70, Strikes or Picketing Affecting Timely Completion of the Contract Work.
- (12) 1252.222-71, Strikes or Picketing Affecting Access to a DOT Facility.
- (13) 1252.223-70, Removal or Disposal of Hazardous Substances—Applicable Licenses and Permits.
- (14) 1252.223-71, Accident and Fire Reporting.
- (15) 1252.223-73, Seat Belt Use Policies and Programs.
- (16) 1252.232-70, Electronic Submission of Payment Requests.
- (17) 1252.237-70, Qualifications of Contractor Employees.
- (18) 1252.237-71, Certification of Data.
- (19) 1252.237-72, Prohibition on Advertising.
- (20) 1252.237-73, Key Personnel.
- (21) 1252.239-70, Security Requirements for Unclassified Information Technology Resources.
- (22) 1252.239-71, Information Technology Security Plan and Accreditation.
- (23) 1252.239-72, Compliance with Safeguarding DOT Sensitive Data Controls.
- (24) 1252.239-73, Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information.
- (25) 1252.239-74, Safeguarding DOT Sensitive Data and Cyber Incident Reporting.
- (26) 1252.239-75, DOT Protection of Information About Individuals, PII, and Privacy Risk Management Requirements.
- (27) 1252.239-76, Cloud Computing Services.
- (28) 1252.239-77, Data Jurisdiction.
- (29) 1252.239-78, Validated Cryptography for Secure Communications.
- (30) 1252.239-79, Authentication, Data Integrity, and Non-Repudiation.
- (31) 1252.239-80, Audit Record Retention for Cloud Service Providers.
- (32) 1252.239-81, Cloud Identification and Authentication (Organizational Users) Multi-Factor Authentication.
- (33) 1252.239-82, Identification and Authentication (Non-Organizational Users).
- (34) 1252.239-83, Incident Reporting Timeframes.
- (35) 1252.239-84, Media Transport.
- (36) 1252.239-85, Personnel Screening—Background Investigations.
- (37) 1252.239-86, Boundary Protection—Trusted Internet Connections.
- (38) 1252.239-87, Protection of Information at Rest.
- (39) 1252.239-88, Security Alerts, Advisories, and Directives.
- (40) 1252.239-89, Technology Modernization.
- (41) 1252.239-90, Technology Upgrades/Refreshment.
- (42) 1252.239-91, Records Management.
- (43) 1252.239-92, Information and Communication Technology Accessibility Notice.
- (44) 1252.239-93, Information and Communication Technology Accessibility.
- (45) 1252.242-70, Dissemination of Information—Educational Institutions.
- (46) 1252.242-71, Contractor Testimony.
- (47) 1252.242-72, Dissemination of Contract Information.