91 FR 37550
OFFICE OF MANAGEMENT AND BUDGET
Office of Federal Procurement Policy
DEPARTMENT OF DEFENSE
GENERAL SERVICES ADMINISTRATION
NATIONAL AERONAUTICS AND SPACE ADMINISTRATION
48 CFR Parts 1, 2, 4, 33, 39, 40, 52, and 53
[FAR Case 2026-001, Docket No. FAR-2026-0001, Sequence No. 1]
RIN 9000-AO86
AGENCY:
Office of Federal Procurement Policy (OFPP), Office of Management and Budget (OMB); Department of Defense (DoD); General Services Administration (GSA); and National Aeronautics and Space Administration (NASA).
ACTION:
Proposed rule.
SUMMARY:
OFPP, DoD, GSA, and NASA (collectively referred to as the Federal Acquisition Regulatory Council or FAR Council) are proposing to amend the Federal Acquisition Regulation (FAR) to implement Executive Order (E.O.) 14275, Restoring Common Sense to Federal Procurement. The E.O. directs the elimination of excessive acquisition regulations to stop the inefficient use of American taxpayer dollars. The FAR Council is issuing twelve proposed rules that collectively will streamline the FAR in its entirety. This rule proposes revisions to FAR parts 1, 2, 4, 33, 39, 40, 52, and 53.
DATES:
Interested parties should submit written comments to the Regulatory Secretariat Division at the address shown below on or before July 23, 2026, to be considered in the formation of the final rule.
ADDRESSES:
Submit comments in response to FAR Case 2026-001 to the Federal eRulemaking portal at https://www.regulations.gov. Follow the instructions for sending comments.
Instructions: Please submit comments only and cite “FAR Case 2026-001” in all correspondence related to this case. Include your name, company name (if any), and “FAR Case 2026-001” on any attached document. Comments received generally will be posted without change to https://www.regulations.gov, including any personal and/or business confidential information provided. Public comments may be submitted as an individual, as an organization, or anonymously (see frequently asked questions at https://www.regulations.gov/faq ). To confirm receipt of your comment(s), please check https://www.regulations.gov, approximately two to three days after submission to verify posting.
Docket: For access to the docket to read background documents or comments received, go to https://www.regulations.gov/FAR-2026-001.
FOR FURTHER INFORMATION CONTACT:
For clarification of content, contact FARpolicy@gsa.gov or call 202-969-4075 and cite “FAR Case 2026-001.” For information pertaining to status, publication schedules, or alternate instructions for submitting comments if https://www.regulations.gov cannot be used, contact the Regulatory Secretariat Division at 202-501-4755 or GSARegSec@gsa.gov. Please cite “FAR Case 2026-001.”
SUPPLEMENTARY INFORMATION:
E.O. 14275, Restoring Common Sense to Federal Procurement (April 15, 2025), resets the foundation for Federal buying by requiring the FAR Council to produce a streamlined FAR that is simpler, clearer, and structured for speed. According to the E.O., the FAR has evolved from its original purpose ( i.e., to establish uniform procedures across executive departments and agencies), into an excessive and overcomplicated regulatory framework and bureaucracy. While meant to “deliver, on a timely basis, the best value product or service to the customer, while maintaining the public's trust and fulfilling public policy objectives,” the FAR has become an expensive barrier to achieving those objectives. As a result, the E.O. directed the FAR Council and OMB to create an agile, effective, and efficient regulation that contains only provisions required by statute or essential to sound procurement.
To implement E.O. 14275, OMB issued Memorandum M-25-26, Overhauling the Federal Acquisition Regulation, which announced the “Revolutionary FAR Overhaul” (RFO) and created a roadmap for producing simpler regulations aligned to statute, rewritten in plain language, and including nonstatutory requirements that are necessary to conducting a sound procurement. The memorandum described a new streamlined vision for the FAR, to be maintained alongside nonregulatory governmentwide guidance to provide a common-sense authoritative foundation for nimble response and delivery of mission capability.
This new vision represents a paradigm shift where over-engineered regulations designed for paperwork and compliance are replaced with streamlined regulations focused on core stewardship principles and nonregulatory guidance that will be used in concert with the streamlined FAR focused on proven buying strategies, critical thinking, market awareness (including to expand awareness of goods, products, and materials offered in the United States), and risk literacy to enhance workforce problem-solving. The significant reduction of unnecessary mandates is intended to clarify and reinforce the contracting officer's discretion to determine the best way to apply policies and practices. The newly established, nonregulatory guidance, which has been inspired by acquisition innovation advocates, category managers, other experienced practitioners, and many years of feedback from the contractor community—is expected to facilitate contracting officers' use of their discretion more efficiently and effectively to make smarter buying decisions.
OMB Memorandum M-25-26 also directed the FAR Council to complete the regulatory overhaul in two phases, each with robust public input. The FAR Council conducted its phase one effort in fiscal year 2025 by issuing model class deviations to replace each part in the FAR until such time as formal rulemaking occurred. This proposed rule is one of a series that constitute the FAR Council's phase two effort to obtain public comment through formal rulemaking.
A summary of proposed changes to existing parts 1, 2, 4, 33, 39, 40, 52 and 53 are as follows:
1. General RFO updates. This proposed rule generally reorganizes the FAR parts into phases of acquisition and simplifies the text into plain language, where possible. The plain language efforts include changes to active voice, edits to improve readability, and reorganization to present information more logically. None of the plain language edits are intended to change existing FAR requirements. The rewriting of the entire FAR also required edits to harmonize the changes being proposed such as updating the cross- references. This aligns with the Federal plain language guidelines as directed by the Plain Writing Act of 2010 (5 U.S.C. 301 note).
2. Standardization of prescriptions. This rule proposes revisions to standardize prescriptions for provisions and clauses. These changes are intended to provide better clarity around the applicability of provisions and clauses such as whether they apply to commercial products and services.
3. Use of “must” instead of “shall”. Additional revisions are being proposed throughout the FAR text and FAR provisions and clauses to replace the use of the term “shall” with “must” or “will,” as appropriate, to impose requirements.
4. Non-statutory requirements. Section 4 of the E.O. required amendments to the FAR to ensure it contains only provisions that are required by statute or that are otherwise necessary to support simplicity and usability, strengthen the efficacy of the procurement system, or protect economic or national security. The FAR Council reviewed all non-statutory requirements to determine if they are still relevant and essential to sound procurement in today's contracting environment based on the criteria from section 4 of the E.O. The proposed rule retains non-statutory requirements that further one or more of the elements of sound procurements, including those requirements that serve as guardrails to protecting taxpayer interests and promote taxpayer confidence in the procurement system. Non-statutory requirements that were beneficial but not essential were retained in the non-regulatory guidance documents. Other non-statutory requirements that did not meet these standards were removed. The Council considered the extent to which regulation is the most efficient means for capturing the benefit of the policy. For example, most “how to” requirements were found to be more appropriately suited for non-regulatory coverage which better enables a contracting officer to use discretion in determining the application of a strategy to a given situation and limits the risk of overapplication, which can create wasteful burden on the contracting parties.
As part of the RFO, the FAR Council has created a number of non-regulatory resources, including the FAR Companion, which provides insight from experienced practitioners across the government on using more streamlined practices and processes. The migration of significant coverage to non-regulatory guidance is intended to ensure that the benefits of the policy are not outweighed by the compliance burden of a more rigidly written regulation that is prone to application in an overly broad manner. This approach was explained to the public in a set of “frequently asked questions” that were posted on the Revolutionary FAR Overhaul homepage shortly after the initiative was launched.
Proposed revisions to the guiding principles in FAR 1.102 prioritize a “mission first” approach, positioning it as the paramount principle of the Federal Acquisition Regulations System. This ensures that all acquisition activities are directly aligned with achieving the agency's overarching objectives and serving the public interest.
The proposed changes also elevate the importance of fiscal responsibility by prioritizing the best use of taxpayer dollars, which includes price preferences and incentives for domestically sourced goods and services. This principle underscores a commitment to “Buy American” laws, efficiency, cost-effectiveness, and accountability in all spending. Concurrently, the proposed changes recognize that timely acquisition and delivery are often essential for mission success.
The guiding principles retain a strong emphasis on satisfying the customer, ensuring that the needs and expectations of the end-users are met with high-quality products and services. It continues to encourage the maximization of commercial products and commercial services. It also continues to promote competition, recognizing it as a vital mechanism for driving innovation, achieving better value, while prioritizing participation of domestic suppliers to foster a resilient and competitive American industrial base. Finally, it encourages innovation, urging agencies to explore and adopt new technologies, processes, and approaches that can lead to more efficient, effective, and transformative outcomes in government contracting.
i. Relocation of FAR part 53, Forms. This rule proposes to relocate all information pertaining to forms from its current placement in FAR part 53, Forms to FAR part 1, Federal Acquisition Regulations System, specifically to the new proposed FAR subpart 1.6, Forms. This strategic move is designed to further enhance the consolidation of related information, by creating a more deliberate, logical, and user-friendly framework that fosters greater efficiency.
ii. Summary of changes to forms. This proposed rule directs the acquisition community to a new centralized website (see https://acquisition.gov/FARforms ) as the authoritative repository for all acquisition related forms. As a result, to update the list of forms, the FAR no longer needs to be amended through the formal rulemaking process. This reduces the administrative burden on the FAR Council and increases the Government's ability to quickly keep the list of forms up-to-date. The “Forms List” referenced in FAR 1.602(b) now performs the prescriptive function previously handled throughout FAR subparts 53.2 and 53.3, shifting the FAR's role from a static, self-contained text to a dynamic system that points to live, authoritative resources. The proposed change simplifies user access to the forms and forms-related information. The notice and comment process for substantive changes to forms prescribed by the FAR remains unchanged.
This rule proposes to update the FAR Council consistent with 41 U.S.C. chapter 13, to add the Administrator for Federal Procurement Policy.
Consistent with section 6 of E.O. 14275, this rule proposes to add a new regulatory sunset requirement to the FAR. A regulatory sunset establishes a process to review sections, provisions and clauses in the FAR, and identify those policies that are no longer required or are outdated and can be removed from regulation through rulemaking. This policy serves as a built-in mechanism to prevent the accumulation of outdated or unnecessary regulations and to encourage regular review of the regulatory framework.
To facilitate the implementation of the regulatory sunset, the FAR Council anticipates standardizing this process by issuing a future proposed rule at regular timed increments requesting public input on policies that should be reviewed and considered for sunset. This process aims to ensure public input helps drive the determination of what should be sunset.
Sections, provisions and clauses do not expire until removed from the Code of Federal Regulations through rulemaking unless an expiration date is otherwise noted inside a clause. The FAR Council may indicate through rulemaking the Government's intent not to enforce a clause after a stated date. (see FAR 1.109(b)).
This proposed rule revises the definition of individual deviation to correct an ambiguity and to make it clear that a solicitation with multiple awards needs a class deviation and not an individual deviation. Additional updates are being proposed to streamline the internal Government process where agencies request and receive approval for deviations from the FAR.
This rule proposes to make several streamlining changes to FAR part 1. While the requirements for OMB approval of information collections and recordkeeping requirements remain, to enhance efficiency and accessibility, the table listing OMB approved information collections by applicable FAR part is now available at https://www.acquisition.gov/FAR-PRA (see FAR 1.105).
Similarly streamlined is the relocation of the table listing the renaming of public laws as a result of the positive law codification of Titles 40 and 41 of the United States Code at FAR 1.110, which is now available at https://www.acquisition.gov/renamingpubliclaws.
This rule proposes to remove internal operating procedures related to the Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council and relocate it on www.acquisition.gov, where similar information is already shared.
This rule proposes to consolidate disparate policies related to the contracting officer's representative (COR) into FAR 1.404, Contracting officer's representative. This consolidation helps to more clearly identify requirements for the designation of the COR, when a COR must be designated, the qualifications required to be a COR, and COR responsibilities.
This rule proposes to reduce a substantial amount of nonstatutory text in FAR part 1 including the removal of FAR provision 52.201-1, Acquisition 360: Voluntary Survey. The requirement to implement this survey is based on OFPP Memorandum Acquisition 360—Improving the Acquisition Process through Timely Feedback from External and Internal Stakeholders, dated March 18, 2015. The voluntary use of the survey has been relocated to the FAR companion guide.
This rule proposes to relocate FAR 1.102-2(a)(4) to paragraph (c) of FAR 7.201, Market research requirements, because the requirements address communications with industry. The text being relocated is based on requirements from Section 887 of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2016 (Pub. L. 114-92).
This rule proposes to maintain some policy that is nonstatutory because the policy is necessary for maintaining, publishing, or providing direction for the operation of the FAR system. This includes policy for the publication and code arrangement proposed to be moved from FAR 1.105-1 to FAR 1.104, which provides instructions on where the FAR is published in the CFR, how the FAR is numbered and who is responsible for publishing the FAR.
Additionally, FAR conventions are proposed to be moved from FAR 1.108 to FAR 1.107. This section consolidates policies from FAR part 1 that address the usage of definitions, the ability to delegate authority within the FAR, specific dollar thresholds, applying FAR changes to solicitations and contracts, how statutes, executive orders, and other policies are cited in the FAR, and clarifies who the FAR is directing to take action.
This rule also proposes to consolidate and maintain other policies and procedures for—
(1) Authorizing deviations from the FAR as proposed at FAR subpart 1.3,
(2) Authority and responsibilities of the contracting officer as proposed at FAR 1.402;
(3) Designating and responsibilities of the COR as proposed at FAR 1.404;
(4) Ratification of unauthorized commitments as proposed at FAR 1.405; and
(5) Determination and findings proposed at FAR subpart 1.5.
This rule proposes removing several words and terms from FAR 2.101 that are either no longer expected to be referenced in the FAR or are now defined elsewhere. The words or terms being proposed for deletion include:
• Energy efficient standby power devices
• Environmentally preferable
• Federally controlled information system
• F.o.b. . ..(for other types of F.o.b., see 47.303)
• Projected average loss
• Registered in the System for Award Management (SAM)
• Shall
• Single, Governmentwide point of entry
• Sustainable acquisition
• Sustainable products and services
• Virgin material
• Waste reduction
This rule proposes to revise the meaning of words and terms used in FAR 2.101. These revisions are a result of changes being made to the FAR in this revolutionary FAR overhaul (RFO) rule, FAR case 2026-001, or in another RFO rule FAR case. Discussion related to the changes to these terms can be found in the applicable RFO rule FAR case. The proposed rule revises the following words or terms.
• Commercial computer software
• Commercial product
• Commercial service
• Commercially available off-the-shelf (COTS) item
• Computer software
• Governmentwide point of entry (GPE)
• Major system
• Micro-purchase
• Must
• Offer
• Offeror
• Reverse auction
• Service-disabled veteran-owned small business (SDVOSB) concern eligible under the SDVOSB Program
• Simplified acquisition procedures
• System for Award Management (SAM)
• Technical data
This rule proposes certain new words or terms along with their meaning to be added to FAR 2.101. These changes are a result of changes being made to the FAR in this RFO rule FAR case 2026-001, or in another RFO rule FAR case. The words or terms and their meanings are being added to FAR 2.101 because they will be used in more than one FAR part. The following words or terms are being added in FAR part 2.101:
• Controlled unclassified information (CUI)
• Federal information system (FIS)
• Information system
• SAM Contract Awards Management
This rule proposes certain words or terms along with their meaning to be moved from one FAR part to another FAR part. This change aligns with FAR drafting convention which provides that if a term is used in more than one FAR part it should be defined in FAR subpart 2.101, see also FAR 1.107(a). If a word or term is used only once then it resides in the applicable FAR part, subpart or section where it is used. The following is a list of words and terms that are being proposed to be moved to a new location within the FAR.
| Term | FAR Part location | Proposed new FAR part location |
|---|---|---|
| Activity Address Code | FAR 2.101 | FAR 4.001. |
| Design-to-cost | FAR 2.101 | FAR 7.101. |
| Designated operational area | FAR 2.101 | FAR 25.601-2. |
| Determination and findings | FAR 1.701 | FAR 2.101. |
| Disaster Response Registry | FAR 2.101 | FAR 26.101. |
| Energy-efficient product | FAR 2.101 | FAR 23.101. |
| Energy savings performance contract | FAR 2.101 | FAR 23.2. |
| Governmentwide commercial purchase card | FAR 13.001 | FAR 2.101. |
| Historically black college or university | FAR 2.101 | FAR 26.401. |
| Make-or-buy program | FAR 2.101 | FAR 15.104. |
| Minority Institution | FAR 2.101 | FAR 26.401. |
| Overtime premium | FAR 2.101 | FAR 22.101. |
| Pollution prevention | FAR 2.101 | FAR 23.401. |
| Qualification requirement | FAR 2.101 | FAR 9.201. |
| Qualified products list (QPL) | FAR 2.101 | FAR 9.201. |
| State and local taxes | FAR 2.101 | FAR 29.301. |
| Supporting a diplomatic or consular mission | FAR 2.101 | FAR 25.601-2. |
| Value engineering | FAR 2.101 | FAR 42.1401. |
| Value engineering change proposal (VECP) | FAR 2.101 | FAR 42.1401. |
i. Proposed changes to FAR part 2 include conforming changes to align with changes made in individual FAR parts including updating FAR citations used within a definition and to add an acronym to a term, if applicable. Additional changes to revise, add, remove or relocate definitions may be necessary to make conforming changes based on changes to other RFO rules.
ii. This rule proposes to change the meaning of the acronym “MAC” from “multi-agency contract” to mean “multiple-award contract”. This change aligns with the common usage of the acronym within the procurement community.
This rule proposes to add a new subpart 2.102, Acronyms, and abbreviations. The list of acronyms and abbreviations will be located at https://www.acquisition.gov/far-acronyms. This resource will enhance readability and establish a centralized repository for identifying acronyms and abbreviations used within the FAR. Acronyms and abbreviations will continue to be established once in each FAR part and in provisions and clauses.
This rule proposes to adjust the threshold for defining a “major system”. Section 1804 of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2026 (Pub. L. 119-60) changes the Title 10 thresholds for “major system”. The NDAA language addresses threshold changes for both civilian agencies and DoD. However, the NDAA does not appear to make the same changes to Title 41. Consequently, the statutory thresholds described in 10 U.S.C. 3041 and 41 U.S.C. 109 are different. This rule proposes to incorporate the thresholds as described in section 1804 of the NDAA for both civilian agencies and DoD because of likely congressional intent to rely on Title 10 for the applicable thresholds.
This rule proposes to relocate security requirements, prohibitions and exclusions and their related provisions and clauses from FAR part 4 to FAR part 40. For more details, refer to paragraph G of this Discussion and Analysis section and the table under paragraph 4.e of section VII. of this preamble.
The guidance affecting the standardization of acquisition data was retained as essential to sound procurement. As part of its ongoing systems modernization effort, GSA has retired FPDS.gov and transitioned to SAM.gov. All contract award data that was previously available in FPDS.gov is now available in SAM Contract Awards Management. Material regarding contents of contract files and other internal Government procedures were relocated to the FAR Companion or removed to allow agencies maximum flexibility to use technology and other tools as they see fit.
There are no proposed changes to the provision at FAR 52.204-5, Women-Owned Business (Other Than Small Business), and the clause at FAR 52.204-19, Incorporation by Reference of Representations and Certifications. A minor change is proposed to the clause at FAR 52.204-9, Personal Identity Verification of Contractor Personnel, to standardize the subcontract paragraph.
Proposed changes to the clauses at FAR 52.204-10, Reporting Executive Compensation; 52.204-14, Service Contract Reporting Requirements; and 52.204-15, Service Contract Reporting Requirements for Indefinite-Delivery Contracts, exclude applicability to contracts for commercial acquisitions.
Proposed changes to FAR part 4 include streamlining the registration process in SAM by only having entity level representations and certifications in SAM. Representations and certifications that are procurement-specific ( e.g., the answer to the representation or certification might be different for each procurement of different products or services, rather than being “entity-level” such as a question about the offeror's status) or completed by submission of an offer will be removed from SAM and used in solicitations as prescribed in the FAR. Accordingly, the provision at FAR 52.204-8, Annual Representations and Certifications, will be removed. The FAR Council specifically invites feedback on potential impacts and changes in burden resulting from this substantial change in business process.
The proposed changes to FAR part 4 contemplate two clear paths for collecting information from entities interested in obtaining Government contracts. If SAM registration is required, the revised solicitation provision at FAR 52.204-7, proposed to be titled “System for Award Management-Registration,” and the revised contract clause at FAR 52.204-13, System for Award Management-Maintenance, consolidate entity level information (already being collected in SAM) from five provisions and its required maintenance from 2 clauses, respectively. If SAM registration is not required, the new solicitation provision at FAR 52.204-XX, Offeror Identification, and the new contract clause at FAR 52.204-YY, Contractor Identification, consolidate entity level information from five provisions and its required maintenance from 2 clauses, respectively.
This rule proposes to remove the FAR part 4 provisions and clauses described in the following table:
| FAR provision/clause | Rationale for proposed removal |
|---|---|
| 52.204-1, Approval of Contract | Obsolete content. |
| 52.204-3, Taxpayer Identification | Consolidated under FAR 52.204-7(b)(2) or 52.204-XX(c). |
| 52.204-6, Unique Entity Identifier | Consolidated under FAR 52.204-7(b)(1) or 52.204-XX(b). |
| 52.204-8, Annual Representations and Certifications | Only entity level representations and certifications will remain in SAM, see FAR 4.208(c)(1)(ii) or 52.204-7(c). |
| 52.204-12, Unique Entity Identifier Maintenance | Consolidated under FAR 52.204-13(e) or 52.204-YY(b). |
| 52.204-16, Commercial and Government Entity Code Reporting | Consolidated under FAR 52.204-7(b)(3) or 52.204-XX(d)(1). |
| 52.204-17, Ownership or Control of Offeror | Consolidated under FAR 52.204-7(b)(3) or 52.204-XX(d)(2). |
| 52.204-18, Commercial and Government Entity Code Maintenance | Consolidated under FAR 52.204-13(f) or 52.204-YY(c). |
| 52.204-20, Predecessor of Offeror | Consolidated under FAR 52.204-7(b)(3) or 52.204-XX(d)(2). |
| 52.204-22, Alternative Line Item Proposal | Obsolete content. |
This rule proposes to add FAR 33.100, Purpose of the bid protest system. The purpose statement sets forth objectives and expectations for the bid protest system. The primary goals of the bid protest process are to ensure efficient resolution of protests, minimize disruption to contract award, correct procurement errors quickly, and safeguard the rights of interested parties to an independent review of the alleged violations. The process is also intended to deter abuse and promote integrity in the FAR system. The protest process is not meant to serve as an alternate method for offerors to obtain post-award explanations, or debriefings, which can be addressed through other established procedures in the FAR ( e.g., FAR part 15).
This rule proposes to require contracting officers to report protests to the head of the contracting activity, see FAR 33.104-4(a)(4)(ii). This language was added as a step towards increasing confidence in agency protests, increasing the ability to capture data at the agency level on protests filed with contracting officers, and for agency management to respond to procurement issues raised in protests.
For protesters that elect an independent review by an official at a level above the contracting officer, this rule proposes to allow the disclosure of a redacted copy of the agency's final technical evaluation of the protester's proposal and a redacted copy of the source selection decision, see FAR 33.104-4(a)(5)(ii)(B). The disclosure of this information is available for any type of procurement ( e.g., FAR part 8, 12, 15). Additionally, this rule proposes to allow the protester to raise additional protest grounds, within a reasonable time set by the independent review official. These changes are intended to provide fuller disclosure, to build confidence in agency protests, and resolve more protests at the agency level (see FAR 33.104-4(a)(5)(ii)(C)).
This rule proposes to significantly streamline the FAR to remove regulatory text that repeats or summarizes Government Accountability Office (GAO) protest regulations, and instead points the contracting officer to the applicable GAO regulations at 4 CFR part 21. These changes make this FAR part more concise and easier to navigate for contracting officers while minimizing the risk of discrepancies between the different regulations and reducing the need for additional rulemaking.
This rule contemplates revising FAR 52.233-1, Disputes, by removing paragraph (i) and replacing it with paragraph (i) in Alternate I. It is believed that the language in paragraph (i) was based on the state of law as it existed prior to the enactment of the Contract Disputes Act, when agencies could only require performance to continue if the claim at issue was arising under the contract. After the enactment of the Contract Disputes Act, agencies were then able to require performance to continue regardless of whether the claim arises under or related to the contract.
Public comments are particularly invited on whether the removal of paragraph (i) and replacement of paragraph (i) in Alternate I would have any unintended consequences.
This rule proposes to remove the requirements at FAR 39.105, Privacy and FAR clause 52.239-1, Privacy or security safeguards since the requirements are inconsistently used and are no longer needed to safeguard privacy or security. The FAR contains other security controls that restrict the publication or disclosure regarding the details of any safeguards that are Federal contract information (see FAR 52.240-5, Covered Federal Information). Other controls exist that restrict disclosure of certain information and provide safeguards for Federal information systems ( e.g., a system security plan is protected from disclosure under National Institute of Standards and Technology (NIST) control PM-1: Information Security Program Plan, and a supply chain risk management plan is protected from disclosure under NIST control SR-2: Supply Chain Risk Management Plan).
Further, FAR 52.239-1 does not provide sufficient specificity regarding what Government access would be allowed, under what conditions, and how such information would be protected. Similarly, there is insufficient specificity regarding the scope and procedures for both the Government and contractor to share new or unanticipated threats or hazards.
This rule proposes to amend the title of FAR part 39 and the text of FAR 39.001, Applicability, to cover information and communication technology (ICT). The purpose of this change is to establish the scope of this FAR part which will set the framework for future rulemaking that will address emerging technologies. Information technology is not broad enough to cover areas that would be included within part 39 including: operational technology, emerging technology, and information systems.
This rule proposes to consolidate FAR case 2019-014, Strengthening America's Cybersecurity Workforce which was published as a proposed rule at 90 FR 297 on January 3, 2025, into this FAR case.
Eight respondents submitted comments on the proposed rule. Several respondents voiced support for standardizing cybersecurity workforce requirements across the Federal Government as it provides consistent standards for contractors and strengthens the cybersecurity workforce. Other comments supported defining the term “cybersecurity” and noted the clarity that this definition provides.
One respondent noted that the proposed updates to FAR 7.105 and FAR 12.202 were valuable but that these requirements may slow down the acquisition process. Similarly, the respondent noted that requiring agency documents to align with the NICE Framework ensures consistency but cautioned about the risk of updating too frequently would be burdensome on the workforce. This proposed rule does not incorporate changes related to FAR 7.105 and FAR 12.202. This proposed rule aligns with the streamlining goals of the RFO and all revisions are proposed to be implemented in FAR part 39.
This rule proposes to consolidate FAR Case 2024-005, Positioning, Navigation, and Timing Services to implement a policy for acquisition planners to consult the Federal Positioning, Navigation and Timing Services Acquisitions Guidance, to ensure responsible use of Positioning, Navigation and Timing (PNT) services, pursuant to section 4(e) of E.O. 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services, dated February 12, 2020. The E.O. was signed by the President on February 12, 2020, and published in the Federal Register at 85 FR 9359 on February 18, 2020.
The E.O. included numerous tasks that were to be accomplished before the FAR Council could proceed with amending the FAR, the last of which was the Department of Homeland Security's draft of contractual language in accordance with section 4(d) of the E.O., which was provided in May 2024.
Consistent with section 4(e) of E.O. 13905, this rule proposes to amend the FAR to implement a requirement for acquisition planners to consult the Federal PNT Services Acquisitions Guidance when developing requirements for products, systems, or services dependent on PNT services.
The E.O. seeks to help organizations protect against the disruption or manipulation of PNT services, particularly those organizations whose use of PNT services is vital to the functioning of U.S. critical infrastructure. The E.O. defines PNT services as “any system, network, or capability that provides a reference to calculate or augment the calculation of longitude, latitude, altitude, or transmission of time or frequency data, or any combination thereof.” When PNT is used in combination with satellites and other information ( e.g., weather or traffic data) to form a navigation system with global coverage, the result is called a Global Navigation Satellite System (GNSS), with the most recognizable service example being the Global Positioning System (GPS). While PNT encompasses so much more than navigational functions, GPS is a major component.
PNT services have become integral to the reliable and efficient functioning of critical technology and infrastructure, including the electrical power grid, communications infrastructure and mobile devices, all modes of transportation, precision agriculture, weather forecasting, and emergency response. Given the extensive reliance upon PNT services, disruption or manipulation of these services may adversely affect the national and economic security of the United States and Federal agencies must take such risks into consideration when planning for the acquisition of products, systems, and services that integrate or utilize such services.
To better enable the responsible use of PNT services, the E.O., in section 4(a), directed the Department of Commerce to create PNT profiles to help organizations (1) identify systems, networks, and assets dependent on PNT; (2) identify appropriate PNT sources for such systems; (3) detect disruption and manipulation of PNT services; and (4) manage the risks to these systems. Accordingly, NIST, under the Department of Commerce, produced NIST Internal Report (IR) 8323r1, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services, in January 2023.
In this foundational PNT profile, NIST mapped their cybersecurity framework functions of identify, protect, detect, respond, and recover to elements of responsible use of PNT services described in the E.O. ( i.e., identify PNT dependencies, identify appropriate PNT services, detect disruption and manipulation to PNT services, and manage risks to products and services dependent on PNT). This PNT profile provides a robust and flexible framework for PNT users to manage risks. The PNT profile is voluntary and intentionally generalized to enable the development of subsequent sector-specific profiles or guidance.
The Department of Homeland Security (DHS) was tasked in section 4(d) of the E.O. with the development of contractual language regarding PNT services for insertion in relevant Federal contracts. The Cybersecurity and Infrastructure Security Agency (CISA), a component of DHS, in conjunction with the Federal PNT Contract Language Development Working Group, developed guidance to assist agencies when procuring PNT-dependent products, systems, or services.
CISA's Federal PNT Services Acquisitions Guidance (Version 1.0), dated February 2024, leverages the PNT profiles established in NIST's IR 8323r1 to further aid PNT program managers, acquisition professionals, and contractors in the assessment of their PNT dependencies. The guidance also establishes recommendations for appropriate levels of resiliency based upon the operational needs of the proposed product, system, or service.
When considering the scope of this proposed rule and the appropriate language that would prompt relevant acquisition planners to consult the Federal PNT Services Acquisitions Guidance, the FAR Council harmonized potentially disparate terminology in the E.O. and utilized the language in section 4(a) of the E.O., “dependent on PNT services.”
The Federal PNT Services Acquisitions Guidance provides robust guidance to acquisition planners, and the effort entailed to understand and apply the guidance to a specific effort is complex and requires subject matter expertise. To apply this guidance to all products and services “that integrate or use” PNT services could be interpreted broadly. For example, a contracting officer acquiring a dozen office chairs may recognize the commercial carrier delivering the office chairs on behalf of the vendor utilizes a mapping service that uses GPS to assist in navigation to the office building. In this scenario, a contracting officer might consider whether they should work with the requiring activity to conduct a detailed PNT dependency and vulnerability analysis which requires significant cybersecurity expertise, turning what should be a simple commercial transaction for furniture into an unexpectedly burdensome exercise. This type of application would be disproportionate and at odds with the guiding principles of the FAR.
Conversely, a contracting officer acquiring a high-precision weather forecasting device or service that provides critical information for essential safety functions could expect the requiring activity to consider PNT services implications in the requirements documents. Federal procurement needs are extremely varied, and exercising sound business judgment is imperative in meeting customer needs while fulfilling policy objectives.
This rule also proposes the use of “as appropriate” in the prompting to acquisition planners to provide space for exercising sound business judgment in the best interest of the Government.
FAR 39.105, Positioning, navigation, and timing (PNT) services, is added to direct agencies to use the Federal Positioning, Navigation, and Timing Services Acquisition Guidance when acquiring products or services dependent on PNT services. The term “positioning, navigation, and timing (PNT) services” is being established under FAR 39.002, Definitions.
This rule proposes revisions to FAR part 40 to merge and consolidate regulations found in multiple FAR parts and subparts into a single, logically organized part. The proposed changes streamline requirements; improve national security, create a single “do not buy” list; reduce and harmonize over a dozen different provisions and clauses related to security prohibitions and exclusions; add requirements for handling controlled unclassified information; and implement covered procurement actions.
The definition of unmanned aircraft system is being proposed to be updated to implement the American Security Drone Act of 2023; Unmanned Aircraft System List of Associated Elements interim rule and to include a reference to 41 CFR 201-1.101 for the list of associated elements to be identified by the Federal Acquisition Security Council (FASC).
This proposed rule aims to consolidate the FAR cases listed in the following table:
| FAR case No. | FAR case title | Rule type | FR citation | FR date |
|---|---|---|---|---|
| 2017-016 | Controlled Unclassified Information | Proposed | 90 FR 4278 | 1/15/2025 |
| 2018-017 | Prohibition on Certain Telecommunications and Video Surveillance Services or Equipment | 1st Interim 2nd Interim | 84 FR 40216 84 FR 68314 | 8/13/2019 12/13/2019 |
| 2019-009 | Prohibition on Contracting with Entities Using Certain Telecommunications and Video Surveillance Services or Equipment | 1st Interim 2nd Interim | 85 FR 42665 85 FR 53126 | 7/14/2020 8/27/2020 |
| 2019-018 | Federal Acquisition Supply Chain Security Act of 2018 | Proposed | Not published | N/A |
| 2020-011 | Implementation of FASCSA Orders | Interim | 88 FR 69503 | 10/5/2023 |
| 2023-010 | Prohibition on a ByteDance Covered Application | Interim | 88 FR 36430 | 6/2/2023 |
| 2024-002 | Prohibition on Unmanned Aircraft Systems From Covered Foreign Entities | Interim | 89 FR 89464 | 11/12/2024 |
Public comments received on these rules have been reviewed and considered in the drafting of this proposed rule.
This rule proposes to reorganize FAR part 40 into three key subparts: Processing Supply Chain Risk Information; Security Prohibitions and Exclusions; and Safeguarding Information. The changes proposed streamline requirements by merging and consolidating existing content from FAR parts 4, 25, and 40, removing redundancies, and improving clarity. Proposed revisions also consolidate five separate provisions into one provision. Similarly, this proposed rule also consolidates seven separate clauses to one clause. Reorganizing the content and consolidating information allows contractors and the acquisition workforce to better understand how current prohibitions are related, reducing the burden on the Government workforce and contractors while improving national security.
The FAR Council issued two interim rules (see FAR cases 2018-017 and 2019-009) to implement sections 1(a)(A) and 1(a)(B) of Section 889 of the NDAA for FY 2018. Respondents submitted comments in response to these interim rules. Many commenters recommended clarifying, updating, or creating defined terms to aid with implementation. There were also multiple commenters who expressed concern with the burden the rules imposed on the public and Government. To address the public comments received and reduce burden on both the public and Government, this rule proposes to incorporate the following updates to the prohibition requirements from the interim rules:
Update the definition of “covered telecommunications equipment or services” to clarify what “produced” means within the context of this definition. See FAR 40.201 and FAR 52.240-3, Security Prohibitions and Exclusions.
Update the definition of “critical technology” to a technology in whose absence a system cannot adequately operate or function. See FAR 52.240-3(a).
Add new definitions for “system,” “telecommunications equipment,” “telecommunications services,” “video surveillance equipment,” and “video surveillance services.” See FAR 40.201 and FAR 52.240-3. These definitions align with the definition of telecommunications at Defense Federal Acquisition Regulation Supplement (DFARS) 239.7401.
Add clarity regarding the scope of the prohibition exceptions. See FAR 52.240-3(b)(3).
To address questions regarding what activities are covered by the prohibition, this rule clarifies that the following activities are not individually considered use of covered telecommunications equipment or services: commercial sales, maintenance, testing services, warranty services, and employee's use of personal equipment. See FAR 52.240-3(d)(1).
This proposed rule harmonizes requirements for security prohibitions and exclusions. Changes are proposed to align standards for reasonable inquiry, reporting time frame and report requirements.
Previously, some of the prohibitions did not include a reasonable inquiry standard that clarified what level of effort is required to determine if there are any prohibited products or services. Also, the prohibitions that had reasonable inquiry standards used slightly different language between the prohibitions. This created more uncertainty for offerors and contractors while adding liability risk for industry. Under this proposed rule, there would be just one reasonable inquiry standard across the prohibitions that clarifies that an offeror or contractor does not need to conduct an internal or third-party audit. Consistent application of the standard reduces liability risk for offerors and contractors by clarifying that third party audits are not required and due diligence does not require gathering information outside their possession. See FAR 52.240-2(c) through (g) and FAR 52.240-3(g) and (j)(2).
Another inconsistency across various security prohibitions and exclusions is the various disclosure and reporting requirements. This rule proposes to standardize the report and disclosure timeframe to 72 hours from discovery with just one required report. This change aligns with the 72 hours for incident reporting which is the reporting standard in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 and the DoD CUI incident reporting requirements in DFARS 252.204-7012. Providing one standard timeframe for prohibitions and incident reporting simplifies reporting for offerors and contractors.
This proposed rule also harmonizes the disclosure and reporting elements required in each report. This reduces burden and simplifies compliance for offerors and contractors who will have to spend less time deciphering unique reporting requirements for each prohibition.
This rule proposes to implement section 203 of the Federal Acquisition Supply Chain Security Act of 2018 (Title II of the SECURE Technology Act, Pub. L. 115-390, Dec. 21, 2018 (see 41 U.S.C. 4713)). This statute authorizes agencies to take agency specific exclusion actions called “covered procurement actions.” The specific exclusion actions allowed by the statute are defined in this rule as part of the definition of covered procurement action. The rule clarifies that agencies must establish procedures to ensure compliance with the requirements in 41 U.S.C. 4713, and that the use of this authority applies to a single covered procurement action or a class of covered procurement actions.
This rule proposes to add requirements within the consolidated provision at FAR 52.240-2 at paragraphs (b)(3) and (e) that would require an offeror to represent that they have conducted a reasonable inquiry, and that the offeror does not propose to provide or use in response to a solicitation any products or services that are prohibited by an applicable covered procurement action in effect on the date the solicitation was issued, except as waived by the solicitation, or as disclosed by the offeror.
This rule also proposes to add requirements to the consolidated clause at paragraph (f) in FAR 52.240-3. FAR 52.240-3(f) prohibits contractors from providing or using any products or services in performance of the contract that are prohibited by an applicable covered procurement action that has been identified in the solicitation or posted in SAM at www.sam.gov, unless the Government has issued an applicable waiver. Under the authority of 41 U.S.C. 4713, covered-procurement actions are specific agency decisions with respect to supply chain risk, and do not apply to micro-purchases. The statute requires a procurement to include a supply chain risk requirement or evaluation factor before a covered procurement action can apply and micro-purchases do not have a supply chain risk requirement or evaluation factor.
Changes are proposed to amend the FAR to implement the National Archives and Records Administration's (NARA) Controlled Unclassified Information Program enacted under an Executive Order entitled Controlled Unclassified Information. These FAR changes are proposed to implement NARA's final rule on the Federal CUI Program as it relates to performance under Federal contracts.
This rule proposes to create a common mechanism, the Standard Form XXX, Controlled Unclassified Information (CUI) Requirements, to enable a uniform process for communicating the information contractors must manage and safeguard as well as identify where a CUI incident must be reported and when there are CUI incident reporting requirements that differ from or are in addition to those in the clause at FAR 52.240-7(e). Currently laws, Federal regulations, and Government-wide policies already mandate these protections, but there is not a standard way these requirements are identified and shared with contractors.
On January 15, 2025, the FAR Council issued FAR Case 2017-016, Controlled Unclassified Information, as a proposed rule at 90 FR 4278. Respondents submitted comments in response to this proposed rule. Multiple respondents submitted comments regarding the CUI incident reporting timeline. Based on these comments, the timeline for reporting CUI incidents has been updated in this proposed rule to 72 hours from discovery which aligns with related incident reporting requirements ( e.g., DFARS 252.204-7012, Cyber Incident Reporting for Critical Infrastructure Act of 2022) and ensures contractors have sufficient time to provide accurate information and determine whether the event qualifies as a CUI incident. The rule has been updated so that the contractor must submit within the first report as many of the applicable data elements that are available at the time. If the first report does not contain all of the applicable data elements or some of the information changes after the investigation is substantially complete, the contractor must submit a subsequent report containing the updated or new information in accordance with FAR 52.240-7(e)(2).
This rule also incorporates the following significant updates to the CUI requirements that will reduce burden on both the public and Government. Additionally, the clause at FAR 52.240-YY, Identifying and Reporting Information That Is Potentially Controlled Unclassified Information, has been deleted. These changes were based on the public comments received on the proposed rule published at 90 FR 4278. The FAR Council is seeking additional comments on these proposed changes.
CUI Incident Reporting Location for CUI in a Non-Federally-controlled Facility. The location for incident reporting for Department of Defense contracts is https://dibnet.dod.mil and for non-Department of Defense contracts is to CISA at https://www.cisa.gov/reporting-cyber-incident. The contractor must also provide a notification to the contracting officer that a CUI incident report has been submitted. For any CUI incident involving a FedRAMP authorized cloud computing service provider that has reported the CUI incident in accordance with FedRAMP Incident Communication Procedures, the contractor is not required to submit any additional report beyond following the FedRAMP Incident Communication Procedures.
CUI Incident Reporting Subcontractor Requirements. The subcontractor reporting in the rule has been updated to have the subcontractor report directly to the Government and provide a notification to the contracting officer and next higher tier contractor (if applicable) in accordance with FAR 52.240-7(e)(2).
CUI Incident Reporting Scope. The definition of CUI incident has been updated to only require unauthorized disclosures, improper modifications, or improper destruction of CUI, in any form or medium, or unauthorized access to the information system on which the CUI resides. The definition has also been updated to clarify that improper handling of CUI ( e.g., unmarked or mismarked CUI) is not a CUI incident unless the improper handling has resulted in unauthorized disclosure, improper modification, or improper destruction of CUI. The rule has also been updated to add an exception for any CUI incident involving a FedRAMP authorized cloud service provider that is reported in accordance with FedRAMP incident communication procedures.
Reporting of Unmarked or Mismarked CUI. This rule proposes to extend the reporting time frame to 72 hours from discovery to align with related incident reporting requirements ( e.g., DFARS 252.204-7012, Cyber Incident Reporting for Critical Infrastructure Act of 2022) and ensure contractors have sufficient time to provide accurate information.
Training. This rule proposes to remove the requirement for specific training that mandated a one-size-fits-all approach for how contractors must train their employees. The updated approach provides flexibility similar to other FAR requirements regarding how contractors ensure their employees will have the knowledge, skills, and abilities to comply with the requirements of this rule.
Contractor Liability. The rule has been updated to remove the language specifying contractor liability for CUI incidents.
Contractor Identification of Proprietary Information. The prescriptive requirements to identify contractor proprietary information have been removed from the CUI provision and clause, because other parts of the FAR already detail requirements for handling such information ( e.g., FAR 3.104-4 and 52.215-1(e)).
Contractor Proprietary Information Status as CUI. This rule proposes to update the definition of CUI to add an exception for information a contractor creates or possesses that a law, regulation, or Governmentwide policy does not specifically require the contractor to handle using safeguarding or dissemination controls.
Standard Form XXX. This rule proposes to update the SF XXX to add information regarding the safeguarding and/or dissemination authority and the indicator for identifying each category of CUI. This update will make it easier for contractors to understand the specific types of CUI that will be involved, including the specific controls. Additional conforming updates have been made to the SF XXX to conform with updates in the clause at FAR 52.240-7 and provision at FAR 52.240-6 ( e.g., removal of training requirements). To reduce burden and ensure uniformity across the Government, SF XXX was also updated to identify the applicable organizational defined parameters for NIST 800-171 Revision 3. These organizationally defined parameters are necessary to ensure contractors only have to follow one standardized requirement across Government. The Government intends to harmonize these organizationally-defined parameters to ensure contractors can follow one standardized approach for protecting CUI across agencies. Consequently, this rule aligns to the values that will be codified in 32 CFR part 170 via DoD rulemaking. Current definitions for these values may be found at https://dowcio.war.gov/Portals/0/Documents/CMMC/OrgDefinedParmsNISTSP800-171.pdf.
Enhanced Controls Using NIST SP 800-172. This rule proposes to update the clause at FAR 52.240-7 to clarify that specific requirements within NIST SP 800-172 will only apply when identified by the agency for a critical program or high-value asset. The Government intends to harmonize these organizationally-defined parameters to ensure contractors can follow one standardized approach for protecting CUI across agencies. Consequently, this rule aligns with the values at 32 CFR 170.14.
Potential Inconsistent Requirements Between This Rule and Other Regulations. This rule proposes to add a new paragraph (f) to FAR clause 52.240-7 that states contractors must notify the contracting officer within 72 hours of determining that they are not able to comply with any of the requirements in this clause due to conflict with another law or regulation. This will allow flexibility for agencies to work with contractors on alternative controls where another domestic or foreign law may prevent compliance with a specific requirement in the clause.
Government Access to Contractor Facilities and Systems. This rule proposes to remove the compliance requirements at FAR 52.240-7(e).
Government Validation Actions. This rule proposes to remove the compliance section in the clause that contained the validation requirements since specific procedures for validation do not need to be specified in this rule. Normal contract administration procedures for validating compliance with requirements are sufficient.
CUI Definition. This rule proposes to update the definition for CUI to remove the exclusions for covered Federal information and classified information since these exclusions are not necessary for these terms.
Cloud Services Controls. The rule proposes to update FAR 52.240-7 to state that if the Contractor uses a cloud service provider to store, process, or transmit any CUI identified in SF XXX, the cloud computing service provider must meet security requirements equivalent to those established by the Government for FedRAMP Moderate baseline. This is meant to provide more flexibility to the contractor while ensuring the contractor implements the applicable security requirements.
Patents. This proposed rule removes updates to patents in FAR part 27.
Subcontract Flow Down. This proposed rule updates the subcontractor flowdown at FAR 52.240-7(g) to clarify that there is no requirement to include the SF XXX or modified version of the SF XXX. Contractors can decide how best to flow down the requirements in the SF XXX.
Virtual Desktop Infrastructure. This proposed rule updates FAR 52.240-7(d)(3)(ii)(A) to state that an endpoint hosting a virtual desktop infrastructure (VDI) client configured to prevent any processing, storage, or transmission of CUI beyond the keyboard/video/mouse sent to the VDI client is considered an out-of-scope asset.
Telecommunication Providers Transmitting CUI. The rule has been updated to exempt commercial communications networks that transmit government and non-government information using the same equipment, protocols, and methodologies, without regard to the source or recipient of the information (see FAR 52.240-7(d)(3)(ii)(A)).
1. FAR 52.000, 52.1 and 52.3. This proposed rule updates FAR 52.000, Scope of part, and 52.3, Provision and Clause Matrix to remove the text and mark it as reserved. FAR 52.1, Instructions for Using Provisions and Clauses, is being proposed to be revised to streamline and remove nonstatutory and redundant text. The text in FAR 52.101(b)(1), concerning the numbering of FAR provisions and clauses, is being proposed to be moved to FAR 1.104(b), where other details about the FAR's arrangement and numbering are provided. Additionally, the text at FAR 52.101(b)(2), which addresses provisions or clauses supplementing the FAR, is proposed for relocation to FAR 1.201(a)(1). This move aims to consolidate information related to agency acquisition regulations.
2. FAR Part 52 renumbering of provisions and clauses. As a result of the RFO, the FAR Council is considering establishing a new FAR subpart in part 52, and relocating and renumbering all provisions and clauses under this new subpart. This means, if subpart 52.4 was used, all provisions and clauses would begin with 52.4 instead of 52.2. This change is anticipated to prevent confusion and increase compliance by creating a clear distinction between versions of a provision or clause prior to the RFO. Other benefits include avoiding potential clause numbering conflicts and information system and data collection impacts. The FAR Council welcomes comments on the potential impact of such a change on contractors, government personnel, and other stakeholders.
This rule proposes to relocate the content from the existing FAR part 53 to a new FAR subpart 1.6, and mark FAR part 53 as reserved. For more details, refer to paragraph B.2 of this Discussion and Analysis section.
The following sections address the applicability of provisions and clauses prescribed in parts 1, 2, 4, 33, and 40 to solicitations and contracts valued at or below the simplified acquisition threshold (SAT) and those for the acquisition of commercial products, commercially available off-the-shelf (COTS) items, and commercial services. Prescriptions for provisions and clauses in these parts have been updated to reflect applicability to commercial acquisitions.
This proposed rule, if finalized, does not alter the prescriptions of provisions and clauses included in this proposed rule to change their applicability to contracts and subcontracts valued at or below the SAT.
This proposed rule, if finalized, would consolidate the provisions at FAR 52.204-3, Taxpayer Identification; 52.204-6, Unique Entity Identifier; 52.204-16, Commercial and Government Entity Code Reporting; 52.204-17, Ownership or Control of Offeror; and 52.204-20, Predecessor of Offeror; under the revised provision at FAR 52.204-7, if SAM registration is required; or a new solicitation provision at FAR 52.204-XX, Offeror Identification, if SAM registration is not required.
This proposed rule, if finalized, would consolidate the clauses at FAR 52.204-12, Unique Entity Identifier Maintenance; and 52.204-18, Commercial and Government Entity Code Maintenance; under the revised clause at FAR 52.204-13, if SAM registration is required; or a new contract clause at FAR 52.204-YY, Contractor Identification, if SAM registration is not required. The consolidated FAR provisions and clauses would continue to apply to contracts valued at or below the SAT.
This proposed rule, if finalized, would transfer the provision(s) at 52.204-24, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment, 52.204-26, Covered Telecommunications Equipment or Services—Representation, 52.204-29, Federal Acquisition Supply Chain Security Act Orders—Representation and Disclosures, 52.225-20, Prohibition on Conducting Restricted Business Operations in Sudan—Certification, and 52.225-25, Prohibition on Contracting with Entities Engaging in Certain Activities or Transactions Relating to Iran—Representation and Certifications and consolidate the requirements into a new provision at FAR 52.240-2, Security Prohibitions and Exclusions- Representations and Certifications.
Additionally, this proposed rule, if finalized, would transfer the clauses(s) at 52.204-23, Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities, 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment, 52.204-27, Prohibition on a ByteDance Covered Application, 52.204-28, Federal Acquisition Supply Chain Security Act Orders—Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts, 52.204-30, Federal Acquisition Supply Chain Security Act Orders—Prohibition, 52.225-13 Restrictions on Certain Foreign Purchases, and 52.240-1 Prohibition on Unmanned Aircraft Systems Manufactured or Assembled by American Security Drone Act—Covered Foreign Entities and consolidate the requirements into a new clause at FAR 52.240-3, Security Prohibitions and Exclusion. The provision and clause would continue to apply to contracts and subcontracts valued at or below the SAT. See section II.G.4. of this preamble.
This proposed rule, if finalized, will also implement the requirements of section 203 of the Federal Acquisition Supply Chain Security Act of 2018 (Title II of the SECURE Technology Act, Pub. L. 115-390, Dec. 21, 2018 (see 41 U.S.C. 4713)) in the provision at FAR 52.240-2, Security Prohibitions and Exclusions—Representations and Certifications, and the clause at FAR 52.240-3, Security Prohibitions and Exclusions. 41 U.S.C. 1905 governs the applicability of laws to contracts valued at or below the SAT. Section 1905 exempts contracts and subcontracts valued at or below the SAT from certain provisions of law unless the Federal Acquisition Regulatory Council (FAR Council) makes a written determination that doing so would not be in the best interest of the Federal Government. The FAR Council intends to make a determination to apply this statute to acquisitions valued at or below the SAT. Covered procurement actions, which are specific agency decisions with respect to supply chain risk executed under the authority in 41 U.S.C. 4713, will not be taken with respect to micro-purchases, since the statute requires a procurement to include a supply chain risk requirement or evaluation factor before a covered procurement action can apply and micro-purchases do not have a supply chain risk requirement or evaluation factor. See section II.G.4. of this preamble.
41 U.S.C. 1906 governs the applicability of laws to contracts for the acquisition of commercial products and commercial services and gives the FAR Council the authority to determine to apply a law to contracts or subcontracts for the acquisition of commercial products and commercial services. 41 U.S.C. 1907 exempts contracts for commercially available off-the-shelf (COTS) items from certain provisions of law unless the Administrator for Federal Procurement Policy determines that doing so would not be in the best interest of the Federal Government.
Section 839 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019 (Pub. L. 115-232) required the FAR Council and the Administrator of Federal Procurement Policy to review prior determinations under 41 U.S.C. 1906 and 41 U.S.C. 1907, as well as the applicability of provisions and clauses to contracts and subcontracts for commercial products, COTS items, and commercial services that do not implement statute or Executive Order, and propose amendments to the FAR to eliminate or exempt such requirements from commercial acquisitions, unless there are specific reasons to retain particular requirements.
In accordance with section 839 of the NDAA for FY 2019 and their authorities under 41 U.S.C. 1906 and 1907, the FAR Council reviewed the applicability of the provisions and clauses associated with the FAR parts covered by this proposed rule.
The following table reflects the FAR Council and Administrator of Federal Procurement Policy's proposed determination regarding the applicability of the provisions and clauses to solicitations and contracts for commercial products, COTS items, and/or commercial services. In making proposed applicability determinations, the FAR Council considered factors such as whether the provision or clause advances national security or economic security, contributes to the resilience of contractors and subcontractors in the federal marketplace, or advances uniformity and clarity in the performance of basic functions that are essential to sound procurement.
Accordingly, this proposed rule, if finalized, would revise provision and clause prescriptions to clearly reflect applicability to commercial acquisitions as outlined in the table. An “X” in the following table indicates the provision or clause will apply to that category of commercial acquisition, as prescribed:
| Provision/clause No. | Title | Commercial products | Commercial services | COTS items |
|---|---|---|---|---|
| 52.201-2 | Computer Generated Forms | X | X | X |
| 52.202-1 | Definitions | X | X | X |
| 52.204-5 | Women-Owned Business (Other Than Small Business) | X | X | X |
| 52.204-7 | System for Award Management—Registration | X | X | X |
| 52.204-7 Alt I | System for Award Management—Registration | X | X | X |
| 52.204-9 | Personal Identity Verification of Contractor Personnel | X | X | |
| 52.204-10 | Reporting Executive Compensation and First-Tier Subcontract Awards | |||
| 52.204-13 | System for Award Management—Maintenance | X | X | X |
| 52.204-14 | Service Contract Reporting Requirements | |||
| 52.204-15 | Service Contract Reporting Requirements for Indefinite-Delivery Contracts | |||
| 52.204-19 | Incorporation by Reference of Representations and Certifications | X | X | X |
| 52.204-XX | Offeror Identification | X | X | X |
| 52.204-YY | Contractor Identification | X | X | X |
| 52.233-1 | Disputes | X | X | X |
| 52.233-2 | Service of Protest | X | X | X |
| 52.233-3 | Protest after Award | X | X | X |
| 52.233-3 Alt I | Protest after Award | |||
| 52.233-4 | Applicable Law for Breach of Contract Claim | X | X | X |
| 52.240-2 | Security Prohibitions and Exclusions—Representations and Certifications | X | X | X |
| 52.240-3 | Security Prohibitions and Exclusions | X | X | X |
| 52.240-3 Alt I | Security Prohibitions and Exclusions | X | X | X |
| 52.240-4 | Classified information | X | X | X |
| 52.240-4 Alt I | Classified information | |||
| 52.240-4 Alt II | Classified information | X | ||
| 52.240-5 | Covered Federal Information Systems | X | X | |
| 52.240-6 | Notice of Controlled Unclassified Information | X | X | |
| 52.240-7 | Controlled Unclassified Information | X | X |
The FAR Council also reviewed subcontract flow down requirements in clauses associated with the FAR parts covered by this proposed rule. The following table reflects the FAR Council and Administrator of Federal Procurement Policy's proposal regarding whether those clauses flow down to subcontracts for commercial products, COTS items, and/or commercial services. This proposed rule, if finalized, would revise the subcontract paragraphs in these clauses to clearly state whether the clause flows down to commercial subcontracts, as outlined in the table. An “X” in the following table indicates the provision or clause will apply to subcontracts for that category of commercial subcontracts, as described in the clause:
| Clause No. | Title | Commercial products | Commercial services | COTS items |
|---|---|---|---|---|
| 52.204-9 | Personal Identity Verification of Contractor Personnel | X | X | |
| 52.204-14 | Service Contract Reporting Requirements | |||
| 52.204-15 | Service Contract Reporting Requirements for Indefinite-Delivery Contracts | |||
| 52.240-3 | Security Prohibitions and Exclusions | X | X | X |
| 52.240-3 Alt I | Security Prohibitions and Exclusions | X | X | X |
| 52.240-4 | Classified information | X | X | X |
| 52.240-4 Alt I | Classified information | X | X | X |
| 52.240-4 Alt II | Classified information | X | X | X |
| 52.240-5 | Covered Federal Information Systems | X | X | |
| 52.240-7 | Controlled Unclassified Information | X | X |
The intended impact of the RFO, as stated in E.O. 14275, is to restore the Government's ability to “deliver on a timely basis the best value product or service to the customer, while maintaining the public's trust and fulfilling public policy objectives.” Each of the RFO rulemakings is designed to contribute to this impact by emphasizing mission first, by aligning acquisition activities directly to achieving the agency's overarching objectives and serving the public interest and elevating the importance of fiscal responsibility. The proposed RFO rules focus on three goals in particular: (1) timely acquisition and delivery, (2) lower cost and accountability in all spending, and (3) increased competition.
Timeliness. Timely acquisition and delivery are essential for mission success. To this end, RFO rules propose to eliminate mandates that unnecessarily interfere with agency discretion to determine the best way to procure products and services. The proposed RFO rules highlight more clearly streamlined and simplified authorities that allow buyers to use their time more efficiently and are expected to reduce time between solicitation and award. The proposed RFO rules are expected to make it easier for contracting officers to leverage commercial practices that are familiar to the commercial marketplace. This is expected to make it easier for sellers to engage and respond to Government solicitations more rapidly.
Lower cost. E.O. 14271, Ensuring Commercial, Cost-Effective Solutions in Federal Contracts (April 15, 2025), directs the Government to utilize, to the maximum extent practicable, the commercial marketplace and the innovations of private enterprise to provide better, more cost-effective services to taxpayers, as envisioned by the Federal Acquisition Streamlining Act. The procurement of custom products and services where a suitable or superior commercial solution would have fulfilled the Government's needs has resulted in avoidable waste to the detriment of American taxpayers.
To address these concerns, consistent with associated responsibilities in section 839 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019 (Pub. L. 115-232), the FAR Council reviewed prescriptions for provisions and clauses to ensure all prescriptions are clear regarding their applicability to acquisitions for commercial products and services. Currently, many prescriptions do not specify applicability to commercial acquisitions and leave the applicability determination to contracting officer interpretation. By specifically stating when a provision or clause can be applied to commercial acquisitions, proposed RFO rules should decrease the likelihood of inclusion of provisions and clauses in commercial acquisitions that are not required by law and drive greater consistency in the terms and conditions used in these contracts. In turn, these changes should increase the participation of commercial sellers, who are unwilling or unable to manage the cost of complying with noncommercial requirements, and also improve taxpayer access to affordable commercial solutions.
Some RFO rules propose to delete requirements placed on commercial or noncommercial sellers that are not related to performance of the contract, drive up cost without attendant performance benefits, and may misdirect efforts away from innovation, investment and economic growth. Greater emphasis on timeliness should reduce bidders' carrying costs, enabling them to pass those savings on to customers through lower prices.
Increased competition. Since enactment of the Competition in Contracting Act of 1984 (Title VII of Pub. L. 98-369), competition has been the cornerstone of the Federal acquisition system. The benefits of competition are well established: competition saves money for the taxpayer, improves contractor performance, curbs fraud, and promotes accountability for results. Competition also drives contractor resilience and positions the U.S. market to develop a strategic advantage for the nation.
According to data in the SAM Contract Awards Management, roughly 45 percent of contract dollars were awarded in FY 2025 either without competition or with competition that received only one offer. Of equal concern, the Federal marketplace has seen a significant decline over the past 20 years in the number of businesses—especially small businesses—participating in the Federal supplier base. Studies suggest that high compliance costs lead to the misallocation of resources away from more profitable activities and discourage innovation, investment, and economic growth (Council of Economic Advisers, Executive Office of the President. June 2025. The Economic Benefits of Current Deregulatory Policies. https://www.whitehouse.gov/wp-content/uploads/2025/03/The-Economic-Benefits-of-Current- Deregulatory-Efforts.pdf ). This may shelter incumbent contractors and stifle competition, reducing startup activity and job formation.
The RFO rules seek to increase participation in agency competitions and the resilience of the Federal supplier base, which includes commercial entities, small businesses, manufacturers, and nontraditional suppliers. The RFO will achieve this outcome by removing regulatory mandates that are not rooted in statute or essential to sound procurement, promoting greater reliance on practices that reduce transaction costs, and improving the quality of communications with offerors and potential offerors. Access to a broader range of solutions in a more dynamic marketplace will drive better return for each taxpayer dollar spent and increase taxpayer confidence in the Federal acquisition system.
The Government has conducted a regulatory impact analysis (RIA) for the RFO rulemaking inclusive of this proposed rule for FAR parts 1, 2, 4, 33, 40 and 53. The RIA includes a discussion of the anticipated effects of the rulemakings as follows:
This proposed rule, if finalized, is not expected to have a significant impact on contractors or subcontracts. The proposed changes to FAR part 1 are primarily internal Government procedures.
Guiding principles. FAR part 1 revises the guiding principles for the entire FAR system and sets the tone for the revolutionary FAR overhaul. The FAR now emphasizes the importance of meeting the agency's mission first efficiently and effectively. By prioritizing the efficient and effective achievement of agency missions, the revision is expected to streamline decision-making and better align acquisition outcomes with strategic Government goals.
The proposed changes also recognize the value of timely acquisitions balanced with encouraging innovation, promoting merit and meeting mission ensures taxpayer dollars are being spent effectively, which benefits both Government and industry. The explicit recognition of timely acquisitions, balanced with encouraging innovation and merit, is a benefit that fosters a more dynamic and responsive marketplace. This strategic balance is intended to drive better value and more effective stewardship of taxpayer dollars.
The retention and stronger emphasis on maximizing commercial products and commercial services will ensure the Government leverages the full capabilities of the commercial sector.
Regulatory sunset. This proposed rule establishes a process for the FAR Council to periodically evaluate the non-statutory requirements retained in the FAR. This is expected to create burden for the FAR Council to conduct reviews and issue notices for public comment. However, it is expected to provide benefits to contractors and create a more agile FAR that keeps pace with changes in technology and the Federal marketplace. By requiring non-statutory rules to be periodically re-evaluated, it ensures that regulations remain necessary, clear, and relevant. Periodic re-evaluation also encourages the FAR Council to assess whether the expected benefits or costs associated with a provision have increased or decreased due to changes in technology or other relevant factors. During this process the costs and benefits of any action will be assessed as part of the rulemaking.
Streamlining. The streamlining and removal of the table listing OMB approved information collections and the table listing the renaming of public laws as a result of the positive law codification from the FAR to www.acquisition.gov, enhance accessibility and reduce the administrative complexity associated with the FAR. This shift from a static text to a system pointing to live resources means that updates can occur without the lengthy rulemaking process, ensuring that information stays current, which ultimately makes it easier and faster for contractors to do business with the Government.
This proposed rule, if finalized, is not expected to have a significant impact on contractors or subcontracts.
The proposed changes to FAR part 2 are intended to (1) remove terms that are no longer expected to be used in the FAR; (2) make revisions to the meaning of existing terms; (3) add new terms that are intended to be used in multiple FAR parts; (4) relocate certain terms to another FAR part where the term is used; and (5) create an acronym list. These changes are expected to benefit both industry and the Government by enhancing readability of the FAR.
The proposed changes to part 4 are expected to have a significant positive impact on both industry and the Government.
• Reducing industry burden by not applying the following clauses to commercial contracts: FAR 52.204-10, 52.204-14, and 52.204-15.
• Streamlining and clarifying the collection of information from entities interested in obtaining Government contracts whether SAM registration is required or not.
• Reducing burden by consolidating 5 separate solicitation provisions into 2 provisions, FAR 52.204-7 when SAM registration is required or FAR 52.204-XX when SAM registration is not required.
• Streamlining SAM registration by only having entity level representations and certifications in SAM.
For the Government, the changes will result in:
• Simplified Federal procurement.
• Improved procurement outcomes through more accurate and traceable terms and conditions that are specific to each individual procurement.
For industry, the changes will result in:
• A SAM registration process that is more efficient and easier to navigate.
• Reduced administrative burden and fewer requests to update company information in SAM once procurement-specific representations and certifications are moved to the individual solicitations.
This proposed rule, if finalized, is not expected to have a significant impact on contractors or subcontracts. The proposed changes to FAR part 33 more clearly describe the purpose of protests, encourage more disclosure of information at the agency protest level, and streamline General Accountability Office (GAO) protest procedures. These changes are intended to benefit and reduce burden on both Government and contractors.
This proposed rule establishes a purpose statement of the bid protest system (see FAR 33.100). Establishing a clear purpose statement for the bid protest system is fundamental to maintaining a fair and transparent bid protest system because it safeguards interested parties' rights to an independent review while promoting integrity, competition, and accountability in the FAR system. This clarity of purpose also serves to deter and discourage abuse, thereby reducing frivolous protests and minimizing disruption to the award process.
Agency protest enhancements are being proposed in this rule, including requiring contracting officers to report protests to the head of the contracting activity. This is expected to create additional burden on agencies to capture and track this information. However, this information is expected to result in improved economy and efficiency in Federal procurement in the long-term. Capturing and tracking this information increases agency awareness of protest issues and enables the Government to systematically elevate protest issues, and more effectively address concerns raised by protesters. This internal reporting mechanism strengthens the agency's ability to capture more comprehensive protest data, which is essential for informed decision making. For example, this data will enable agency management to identify agency-specific trends in protest issues and develop agency-wide actions to address them. Taken together this enhanced transparency and management oversight directly increases protestor confidence in the fairness and responsiveness of the agency protest process.
For protests reviewed above the contracting officer, this rule proposes a significant enhancement by allowing the disclosure of a redacted copy of the agency's final technical evaluation of the protester's proposal and a redacted copy of the source selection decision. This disclosure will increase transparency and build credibility in the agency protest process. Additionally, producing these documents can reduce the number of protest grounds or render the protest moot. Most protests are filed with limited information. Insight into their evaluation and the award decision replaces guesswork with facts, eliminating the “information gap” which could lead to the withdrawal or dismissal of the protest. This coupled with the existing benefits of faster protest resolution time for agency protests, (35 days for agency protests versus 100 or more days for GAO protests) are expected to reduce disruptions in the acquisition process. For example, because protest of a contract award generally requires the agency to stay performance of the awarded contract pending resolution of the protest, faster protest resolution enables the agency to benefit from contract performance sooner. Consequently, these benefits are expected to lead to a reduction in litigation costs for both the Government and industry.
This proposed rule removes regulatory text that repeats or summarizes GAO protest regulations and instead points contracting officers directly to the applicable GAO regulations at 4 CFR part 21. These changes make this section of the FAR more concise, clear, and easier to navigate. This is a critical benefit as it minimizes the risk of legal discrepancies between the different regulatory bodies, reduces the administrative burden on contracting officers, and lowers the long-term need for additional rulemaking to harmonize duplicative text.
This proposed rule, if finalized, is not expected to have a significant impact on contractors or subcontracts.
This proposed rule seeks to remove the requirements of FAR 39.105, Privacy and FAR clause 52.239-1, Privacy or security safeguards, since these requirements are addressed elsewhere in the FAR. Security controls that safeguard publication or disclosure are covered in FAR 53.240-3 Security Prohibitions and Exclusions, and other external controls exist that restrict disclosure of certain information and provide safeguards for Federal information systems ( e.g., PM-1: Information Security Program Plan and SR-2: Supply Chain Risk Management Plan). These changes directly contribute to increased clarity and readability for both contracting officers and contractors leading to reduced administrative burden as contracting officers and contractors no longer need to reconcile overlapping requirements. Furthermore, by pointing to external control plans that are updated outside of the lengthy rulemaking process, ensuring security and privacy safeguards remain current and responsive to an evolving environment.
This proposed rule, if finalized, is not expected to have a significant impact on contractors or subcontractors. This proposed rule primarily relates to internal Government business practices as it enhances acquisition planning regarding PNT services. These changes in the FAR will provide acquisition planners better guidance on how to assess for PNT dependencies, capture PNT operational requirements, and account for needed PNT resiliency. This guidance will provide contractors with a better understanding of such considerations in Government acquisitions for products, systems, or services dependent on PNT services.
This rule proposes to require agencies to become familiar with the NICE Framework provided in NIST Special Publication 800-181 and additional tools to implement it at https://www.nist.gov/nice/ framework to describe the cybersecurity workforce tasks, knowledge, skills, and work roles when procuring information technology support services and cybersecurity support services. Agencies are expected to verify that offers, quotes, and reporting requirements ( e.g., contract deliverables) align with the NICE Framework. By using the NICE Framework to describe cybersecurity workforce tasks, knowledge, skills, and work roles, the proposed changes would create a common standard which would provide contractors with clearer and more standardized requirements in solicitations. This clarity reduces ambiguity and allows contractors to better tailor their offers and proposals to the Government's exact needs.
This rule requires contractors to ensure contract deliverables are consistent with the NICE Framework when specified for the acquisition of information technology support services and cybersecurity support services. This change also provides contractors with a consistent roadmap for internal training and workforce development. By aligning their talent pool with the NICE Framework, contractors can more efficiently invest in and maintain a qualified workforce capable of meeting Federal contract requirements across multiple agencies.
Improved National Security. Part 40 consolidates and strengthens regulations that prohibit contracting with entities that pose security risks ( e.g., certain Chinese telecommunications companies, Kaspersky Lab, TikTok) and creates a single “do not buy” list. This directly protects federal information systems and critical infrastructure from foreign threats, which in turn enhances overall public safety and security.
Enhanced Clarity and Compliance. The use of plain language and the consolidation of numerous provisions and clauses into fewer, more comprehensive ones ( e.g., merging five separate provisions into one provision, and seven separate clauses to one clause) reduces confusion for contractors. This clarity helps ensure higher compliance rates and more secure contracts across the Federal Government.
Greater Efficiency and Faster Acquisitions. By streamlining complex, often redundant, security requirements from parts 4, 25, and 40 into a single, logically organized part 40, the process for acquisition professionals is simplified. This “common sense” approach reduces administrative burdens and the time it takes to award contracts, allowing Government agencies to acquire necessary goods and services more quickly and efficiently. Reorganizing the content and consolidating information allows contractors and the acquisition workforce to better understand how current prohibitions are related, reducing the burden on the Government workforce and contractors while improving national security.
Covered Procurement Actions.
This rule will allow executive agencies to use the authorities in 41 U.S.C. 4713 to exclude certain products, services, or sources from the Federal supply chain to protect national security. Foreign adversaries are increasingly creating and exploiting vulnerabilities in information and communications technology to commit malicious cyber-enabled attacks, including economic espionage against the United States and its citizens. Vulnerabilities may be introduced during any phase of the product or service life cycle: design, development and production, distribution, acquisition and deployment, maintenance, and disposal. This rule helps mitigate these supply chain risks by ensuring agencies can address these national security risks by excluding products, services, or sources through a covered procurement action. Excluding specific sources, services, or sources is an important tool for addressing these national security risks, because there are specific risks that cannot be mitigated through additional security controls being applied and can only be mitigated by complete exclusion.
Telecommunications and Video Surveillance Equipment Prohibition.
This rule incorporates several updates to the prohibition requirements from the interim rules such as clarifying definitions, exceptions, and the scope of the rule that will reduce burden on both the public and Government. For example, the rule clarifies what activities are not considered use of covered telecommunications equipment or services for purposes of this specific prohibition. The rule also proposes definitions for telecommunications equipment, telecommunications services, video surveillance equipment, video surveillance services, and system.
Uniform Cybersecurity Practices. Establishing uniform requirements for how the acquisition workforce and Federal contractors manage CUI will significantly improve the Government and Federal contractors' ability to protect Federal information and information systems from criminals and our adversaries. Absent the uniform approach proposed in this rule, agencies will continue to employ ad hoc, agency-specific policies to manage this information, an approach that can cause agencies to mark and handle information inconsistently and inefficiently. While waivers may be applied in some circumstances, this rule is intended to establish a Governmentwide baseline that will lead to more effective implementation of protections for this sensitive information by the acquisition workforce and contractors. More effective implementation of requirements for identifying and marking CUI will reduce scenarios in which contractors may not realize the information that they are handling is sensitive information that must be safeguarded.
Protection From Potential Financial Impacts of CUI Incidents. Failure to adopt these basic cybersecurity requirements can have a substantial financial impact on a business. There have been many analyses regarding the cost of cybersecurity incidents and the estimates vary widely. In order to establish a defensible set of cost and loss data that is suitable for the analysis of cybersecurity incident costs in the Federal sector, the Cyber Security and Infrastructure Security Agency (CISA) Office of the Chief Economist (OCE), in the Department of Homeland Security, reviewed a broad range of cyber cost and loss studies and presented an analysis of the per-incident, aggregate, and scenario-based estimates of cyber loss. On October 26, 2020, the CISA OCE released a report ( https://www.cisa.gov/sites/default/files/2024-10/CISA-OCE%20Cost%20of%20Cyber%20Incidents%20Study_508.pdf ) with the results of their analyses and a summary of per-incident loss estimates available in the most widely cited published research, commercial datasets, and industry reports. OCE estimated the median cost of a cybersecurity incident cited in the surveyed publications ranged from $0.5 to $1.6 million. The maximum cost per incident cited ranged from $11.7 million to greater than $1 billion. The CISA OCE acknowledges in its report that the differences in the assumptions, approaches to data collection, and specific incidents included in the datasets for the above sources result in a high degree of variability among the loss estimates.
Increased Protection of Sensitive Information. Given the potential financial impacts a CUI incident may have on companies and individuals, it is imperative that Federal contractors who are entrusted with sensitive information in the performance of Government contracts adopt the basic cybersecurity hygiene requirements outlined in this rule. This increased baseline of cybersecurity hygiene across Federal contractors will reduce the number of incidents that have the potential to place sensitive information at risk and pose serious threats to individuals, Federal operations and assets, and the contractors themselves. For the remaining incidents that may occur, the requirement for contractors to report CUI incidents will allow the Federal Government to have appropriate situational awareness, quickly respond to the incident, and reduce the impact of the event.
Creating a centralized FAR forms list on www.acquisition.gov and referencing it in the new FAR subpart 1.6 (where the existing FAR part 53 is moving) simplifies user access to the forms and forms-related information. This change allows the list of forms to be updated outside the formal rulemaking process, reducing the FAR Council's administrative burden and speeding up Government updates.
Executive Orders (E.O.s) 12866 and 13563 direct agencies to assess the costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). E.O. 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. This is a significant regulatory action and, therefore, was subject to review under Section 6(b) of E.O. 12866, Regulatory Planning and Review, dated September 30, 1993.
This rule is subject to E.O. 14192, Unleashing Prosperity Through Deregulation. This proposed rule, if finalized, is not anticipated to be an E.O. 14192 regulatory action because it imposes no more than de minimis costs. See discussion in the “Expected Impact of the Rule” section of this preamble.
This proposed rule, if finalized, may have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601-612. However, an Initial Regulatory Flexibility Analysis (IRFA) has been performed and is as follows:
Executive Order (E.O.) 14275, Restoring Common Sense to Federal Procurement, directs the elimination of excessive acquisition regulations to stop the inefficient use of American taxpayer dollars. The E.O. directs the first comprehensive end-to-end overhaul of the FAR in its 40-year history. The E.O. establishes the policy that the FAR should “contain only provisions that are required by statute or that are otherwise necessary to support simplicity and usability, strengthen the efficacy of the procurement system, or protect economic or national security interests.” In response to E.O. 14275, the Office of Management and Budget issued memorandum M-25-26, Overhauling the Federal Acquisition Regulation. The Memo directed the FAR Council to complete a “revolutionary overhaul” of the FAR. Therefore, the FAR Council is issuing twelve proposed rules that will collectively streamline the entire FAR.
The revolutionary FAR overhaul (RFO) rewrite represents a paradigm shift in federal acquisition. It emphasizes streamlining, clarity, and accessibility, while ensuring that the regulation focuses only on statutory mandates and foundational procurement principles. The RFO is designed to streamline compliance for contracting professionals, improve acquisition speed and agility, and reinforce mission outcomes over process formalities.
The basis for the RFO is E.O. 14275, Restoring Common Sense to Federal Procurement. The authority for promulgation of the FAR is 41 U.S.C. 1121(b); 40 U.S.C. 121(c); 10 U.S.C. chapter 4 and 10 U.S.C. chapter 137 legacy provisions (see 10 U.S.C. 3016); and 51 U.S.C. 20113.
All small entities who want to contract with the Federal Government will have to familiarize themselves with the reorganized, streamlined, and revised FAR, including the content of this rulemaking. As of January 2026, there are 401,196 entities registered in the System for Award Management (SAM) that were small for at least one NAICS code they had selected.
FAR part 1 focuses on the Government's internal processes. The proposed revisions remove redundant or unnecessary content which results in making the regulations easier to navigate and understand for small entities. Additionally, the changes proposed in FAR part 1 do not place any new direct requirements on contractors.
The changes proposed by this rule to FAR part 4 impact all entities that do business with the Federal Government. These changes are expected to have a positive economic impact on a substantial number of small entities. Particularly the streamlining of the SAM registration will impact the 401,196 entities registered in SAM that were small for at least one NAICS code they had selected, which accounts for 70 percent of the total active entities registered in SAM.
The changes proposed by this rule to FAR part 33 help to more clearly describe the purpose of protests for both Government and contractors, encourage more disclosure of information for agency protests, and overall streamline the regulatory text related to GAO protest procedures. The impact on small entities is expected to be positive, specifically the enhancements to the agency-level protest process that allows for more information sharing and resolution in a swifter and less costly protest forum.
i. PNT Services. The changes proposed by this rule provide guidance to Government acquisition personnel on PNT services. The proposed rule does not represent any novel requirements but consolidates disparate standards into easier to follow guides for the acquisition community.
Clearer Federal customer PNT needs will help providers proactively adjust their products and services, contributing to the policy's goal of increased national resilience. Because PNT services are used in virtually all product or service classes, it is not feasible to isolate them to specific North American Industry Classification System or Product Service Codes. Therefore, based on data obtained from SAM Contract Awards Management for fiscal years 2022 through 2024, it is estimated on average approximately 114,159 unique entities were awarded contracts each year, of which approximately 75,013 were unique small entities.
ii. NICE Framework. This rule proposes to enhance cybersecurity by incorporating the NICE Framework lexicon and taxonomy into contracts for information technology and cybersecurity services This rule will enable agencies to evaluate whether personnel have the necessary knowledge and skills to perform the tasks specified in the contract, consistent with the NICE Framework.
This rule requires contractors to understand the NICE Framework, change internal operating procedures to reflect the new taxonomy, and ensure contract deliverables submitted to the Government are consistent with the NICE Framework.
Based on data obtained from SAM Contract Awards Management for fiscal years 2021 through 2023, it is estimated on average approximately 16,658 unique entities were awarded contracts each year, for cybersecurity and information technology services (based on Product and Service Code beginning with “D”), of which approximately 64% (10,691) are unique small entities.
The changes proposed by this rule to FAR part 40 impact all entities that do business with the Federal Government. The proposed revisions to FAR part 40 merge and consolidate regulations found in multiple subparts throughout the FAR into a single, logically organized part. The requirements of various security prohibitions and exclusions have been relocated from FAR parts 4 and 25 into FAR part 40. The proposed changes simplify requirements making them easier to navigate and understand for small entities. This rule authorizes agencies to take agency specific exclusion actions called covered procurement actions. The specific exclusion actions allowed by the statute are defined in this rule as part of the definition of covered procurement action. The rule also incorporates requirements for protecting controlled unclassified information.
The changes proposed by this rule, to relocate the content from the existing FAR part 53 to a new FAR subpart 1.6, impact all entities that do business with the Federal Government. For more details, refer to paragraph 3.a of this IRFA section.
This proposed rule does not contain any new reporting, recordkeeping or other compliance requirements. The reporting requirement established by FAR 52.201-1, Acquisition 360: Voluntary Survey is proposed to be removed from the FAR. The voluntary use of this form is now located in the FAR companion guide. FAR 52.253-1, Computer Generated Forms is being relocated from FAR part 53 to FAR part 1 without change. There are no new provisions or clauses.
This proposed rule does not contain any new reporting, recordkeeping or other compliance requirements under FAR part 4. The rule proposes to streamline compliance under the clauses at FAR 52.204-10, Reporting Executive Compensation and First-Tier Subcontract Awards; 52.204-14, Service Contract Reporting Requirements; and 52.204-15, Service Contract Reporting Requirements for Indefinite-Delivery Contracts, by excluding applicability to contracts for commercial acquisitions.
This rule also proposes to remove the FAR part 4 provisions and clauses as described in the table under paragraph 4.e of this IRFA.
FAR parts 33 and 53 do not contain any new reporting, recordkeeping, or other compliance requirements.
This rule proposes to require contractors to understand the NICE Framework, change internal operating procedures to reflect the new taxonomy, and ensure contract deliverables submitted to the Government are consistent with the NICE Framework.
Existing reporting, recordkeeping, and compliance requirements from FAR parts 4, 25, and 40 are proposed for consolidation in FAR part 40 as described in the following table:
| Existing reporting, recordkeeping, and compliance requirements moving and consolidating under FAR part 40: | |
| Under provision at FAR 52.240-2, Security Prohibitions and Exclusions—Representations and Certifications | 52.204-24, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment. |
| 52.204-26, Covered Telecommunications Equipment or Services—Representation. | |
| 52.204-29, Federal Acquisition Supply Chain Security Act Orders—Representation and Disclosures. | |
| 52.225-20, Prohibition on Conducting Restricted Business Operations in Sudan—Certification, and | |
| 52.225-25, Prohibition on Contracting with Entities Engaging in Certain Activities or Transactions Relating to Iran—Representation and Certifications. | |
| Under clause at FAR 52.240-3, Security Prohibitions and Exclusion | 52.204-23, Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities. |
| 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment. | |
| 52.204-27, Prohibition on a ByteDance Covered Application. | |
| 52.204-28, Federal Acquisition Supply Chain Security Act Orders—Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts. | |
| 52.204-30, Federal Acquisition Supply Chain Security Act Orders—Prohibition. | |
| 52.225-13 Restrictions on Certain Foreign Purchases. | |
| 52.240-1 Prohibition on Unmanned Aircraft Systems Manufactured or Assembled by American Security Drone Act—Covered Foreign Entities. | |
| FAR 52.240-4, Classified Information | 52.204-2, Security Requirements. |
| 52.240-5, Covered Federal Information | 52.204-21, Basic Safeguarding of Covered Contractor Information Systems. |
The proposed provision 52.240-2, Security Prohibitions and Exclusions—Representations and Certifications and clause 52.240-3, Security Prohibitions and Exclusion also authorize agencies to take an agency specific exclusion action called covered procurement actions. The specific exclusion actions allowed by the statute are defined in this rule as part of the definition of covered procurement action. Additionally, this proposed rule, if finalized, would add a new provision at 52.240-6, Notice of Controlled Unclassified Information Requirements, and a new clause at 52.240-7, Controlled Unclassified Information. The provision and clause are prescribed at FAR 40.304-6(a) and 40.304-6(b).
This proposed rule introduces a new standard form (SF) to support uniformity in Governmentwide implementation of these policies. It identifies roles and responsibilities for agencies and contractors when controlled unclassified information is located on Federal information systems within a Federal facility or resides on or transits through contractor information systems or within contractor facilities, and it adds a new clause and a provision to enable contractor reporting and compliance responsibilities in Federal solicitations and contracts.
The proposed rule, if finalized, would not duplicate, overlap, or conflict with other Federal rules.
There are no significant alternatives that would minimize the impact of the rule on small entities.
The Regulatory Secretariat Division has submitted a copy of the IRFA to the Chief Counsel for Advocacy of the Small Business Administration. A copy of the IRFA may be obtained from the Regulatory Secretariat Division. The FAR Council invites comments from small business concerns and other interested parties on the expected impact of this proposed rule on small entities.
The FAR Council will also consider comments from small entities concerning the existing regulations in subparts affected by the rule in accordance with 5 U.S.C. 610. Interested parties must submit such comments separately and should cite “5 U.S.C. 610 (FAR Case 2026-001)” in correspondence.
This rule includes information collections under the Paperwork Reduction Act (44 U.S.C. 3501-3521). Following are the specific collections associated with each FAR part in this rule as previously approved by OMB followed by how each collection would be affected by the proposed rule. If a FAR part is not listed below, then there are no information collections associated with the part.
OMB Control No. 9000-0204, Acquisition 360 Voluntary Survey. The changes under this proposed rule, if finalized, would not affect the information collection or the paperwork burden previously approved by OMB. The collection would remain unchanged.
OMB Control Nos. 9000-0177, Reporting Executive Compensation and First-tier Subcontract Awards; and 9000-0189, Certain Federal Acquisition Regulation Part 4 Requirements: FAR Sections Affected: 52.204-3, 52.204-6, 52.204-7, 52.204-12 thru 52.204-18, 52.204-20, 52.204-23, 52.212-1(j), 52.212-3(b), and 52.212-3(l). The changes under this proposed rule, if finalized, would revise these information collections and the paperwork burden previously approved by OMB. The public reporting burden for these collections of information will be consolidated under OMB Control No. 9000-0189 with the new title “Federal Acquisition Regulation Part 4 Requirements” and OMB Control No. 9000-0177 will be discontinued. Additionally, the public reporting burden for OMB Control No. 9000-0189 will be revised to exclude commercial acquisitions from the information collection requirements under the clauses at FAR 52.204-10, 52.204-14, and 52.204-15 as described in section II. of this preamble.
The revised annual reporting burden is estimated as follows:
Respondents: 66,575.
Total Annual Responses: 271,227.
Total Burden Hours: 393,994.
OMB Control No. 9000-0035, Claims and Appeals.
The changes under this proposed rule, if finalized, would not affect the information collection or the paperwork burden previously approved by OMB. The collection would remain unchanged.
OMB Control No(s). 9000-0189 for the FAR 52.204-23 information collection; 9000-0199, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment—FAR sections affected: 52.204-26; 52.204-24; and 52.204-25; and 9000-0205, Implementation of Federal Acquisition Supply Chain Security Act (FASCSA) Orders—FAR Sections Affected: 52.204-29, 52.204-30. The changes under this proposed rule, if finalized, would revise these information collections and the paperwork burden previously approved by OMB. The public reporting burden for these collections of information will be consolidated under OMB Control No. 9000-0199 with the new title “Federal Acquisition Regulation Part 40 Requirements” and OMB Control No. 9000-0205 will be discontinued. Additionally, the public reporting burden for OMB Control No. 9000-0199 will be revised to add to the information collection burden to implement Section 203 in the Federal Acquisition Supply Chain Security Act of 2018, which is the title II of the “Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act” (SECURE Technology Act), (Pub. L. 115-390); and E.O. 13556, Controlled Unclassified Information, that established the CUI Program and NARA's final rule at 81 FR 63324 on September 14, 2016, to implement the CUI requirements of E.O. 13556.
The revised annual burden is estimated as follows:
Respondents: 920,779.
Total Annual Responses: 946,075.
Total Burden Hours: 1,910,833.
The FAR Council will publish a separate first notice in accordance with the Paperwork Reduction Act seeking comments on the changes to these collections of information.
If any portion ( e.g., section, clause, sentence) of this rule is held to be invalid or unenforceable facially, or as applied to any entity or circumstance, it shall be severable from the remainder of this rule, and shall not affect the remainder thereof, or its application to entities not similarly situated or to other dissimilar circumstances. The various portions of this rule are independent and serve distinct purposes. Even if one aspect were rendered invalid, the other benefits of the rule would still be applicable.
List of Subjects in 48 CFR Parts 1, 2, 4, 33, 39, 40, 52, and 53
Government procurement.
William F. Clark,
Director, Office of Government-wide Acquisition Policy, Office of Acquisition Policy, Office of Government-wide Policy.
Therefore, OFPP, DoD, GSA, and NASA propose amending 48 CFR parts 1, 2, 4, 33, 39, 40, 52, and 53 as set forth below:
1. Revise parts 1, 2, 4, 33, 39, and 40 to read as follows:
PART 1—FEDERAL ACQUISITION REGULATIONS SYSTEM
Sec. 1.000 Scope of part. Subpart 1.1—Framework 1.101 Framework. 1.102 Guiding principles for the System. 1.103 Authority. 1.104 Publication and code arrangement. 1.105 OMB approval under the Paperwork Reduction Act. 1.106 Certifications. 1.107 FAR conventions. 1.108 Statutory acquisition-related dollar thresholds-adjustment for inflation. 1.109 Regulatory sunset. 1.110 Positive law codification. 1.111 Publication for public comment. Subpart 1.2—Agency Acquisition Regulations 1.201 Policy. Subpart 1.3—Deviations from the FAR 1.300 Scope of subpart. 1.301 Definition. 1.302 Policy. 1.303 Individual deviations. 1.304 Class deviations. 1.305 Deviations pertaining to treaties and executive agreements. Subpart 1.4—Career Development, Contracting Authority, and Responsibilities 1.401 Contracting functions. 1.402 Contracting officers. 1.402-1 Authority. 1.402-2 Responsibilities. 1.403 Selecting, appointing, and terminating the appointment for contracting officers. 1.403-1 General. 1.403-2 Appointment. 1.403-3 Termination. 1.404 Contracting officer's representative. 1.405 Ratification of unauthorized commitments. Subpart 1.5—Determination and Findings 1.500 Scope of subpart. 1.501 General. 1.502 Class determination and findings. 1.503 Content. 1.504 Replacement and modification. Subpart 1.6—Forms 1.601 Definition. 1.602 Policy. 1.603 Computer generation. 1.604 Recommendations concerning forms. 1.605 Contract clause.
Authority:
41 U.S.C. 1121(b); 40 U.S.C. 121(c); 10 U.S.C. chapter 4 and 10 U.S.C. chapter 137 legacy provisions (see 10 U.S.C. 3016); and 51 U.S.C. 20113.
This part describes the framework and guiding principles for the Federal Acquisition Regulations System (the System).
Subpart 1.1—Framework
(a) The System is a collection of acquisition regulations and guidance, and consists of the following:
(1) The Federal Acquisition Regulation (FAR), which is a single acquisition regulation applicable to all acquisitions, and all executive agencies. The FAR is issued as Chapter 1 of title 48 of the Code of Federal Regulations (CFR).
(2) Agency acquisition regulations that implement or supplement the FAR (see 48 CFR chapters 2 through 99).
(3) FAR companion guide, which contains nonregulatory guidance and best practices (available at https://www.acquisition.gov/far-companion ).
(b) The System does not include internal guidance supplementing agency acquisition regulations described in 1.201(c).
(a) The System will—
(1) Meet an agency's mission efficiently and effectively first;
(2) Ensure the most effective use of taxpayer dollars in ways that recognize the value of time, encourage innovation, promote merit, attract domestic sources' participation, satisfy the customer, and balance these interests and objectives;
(3) Maximize buying commercial products or commercial services rather than requiring Government-unique solutions;
(4) Award contracts to contractors who demonstrate a superior ability to perform;
(5) Promote competition and fair opportunity;
(6) Promote conducting business with integrity, fairness, and openness; and
(7) Delegate the authority to make decisions and accountability for those decisions to the lowest level within the System, consistent with law. The contracting officer must have the authority, to the maximum extent practicable and consistent with law, to determine how and when to apply rules, regulations, and policies on a specific contract.
(b)(1) Acquisition team members in the System include Government acquisition representatives from the technical, supply, sourcing, small business and procurement areas; the customers they support; and the contractors who deliver the products and services.
(2) The role of each acquisition team member in the System is to exercise personal initiative and sound business judgment to meet the agency's mission and manage risk.
(3) To continually promote innovation, the FAR encourages acquisition team members to pursue new approaches, and document successes and lessons learned.
(4) In this spirit, acquisition team members may assume that if a specific strategy, practice, policy, or procedure is in the best interests of the Government and is not addressed in the FAR, nor prohibited by law (statute or case law), Executive order or other regulation, then they are allowed to use the strategy, practice, policy, or procedure.
(5) Acquisition team members should work together as a team and make decisions within their area of responsibility.
(6) Acquisition team members can propose deviations from FAR regulations if the deviation would promote economy, efficiency, or innovation (see subpart 1.3).
(c) To achieve efficient operations, the System focuses on risk management rather than risk avoidance. Attempting to eliminate all risk is prohibitive in terms of cost to the taxpayer.
(a) The System has been developed according to the requirements of 41 U.S.C. chapter 13, Acquisition Councils.
(b) The Federal Acquisition Regulatory Council, or FAR Council, consists of the Administrator for Federal Procurement Policy, the Secretary of Defense, the Administrator of General Services, and the Administrator of National Aeronautics and Space. The FAR is prepared and jointly issued by the FAR Council under their several statutory authorities.
(a) Changes to the FAR are published in the daily issue of the Federal Register . A cumulative version of the FAR is published—
(1) In the CFR, in an annually updated version at https://www.govinfo.gov/app/collection/cfr, and as a daily updated version at ecfr.gov ; and
(2) In an enhanced daily updated version available at https://www.acquisition.gov/browse/index/far.
(b) For further details on the arrangement and numbering of the FAR, including provisions and clauses and supplemental agency regulations, see https://www.acquisition.gov.
(c) Each numbered unit or segment ( i.e., part, subpart, section, etc.) of an agency acquisition regulation that is codified in the CFR must begin with the chapter number. However, the chapter number assigned to the FAR will not be included in the numbered units or segments of the FAR.
(d) Using the FAR coverage at 9.106-4(d) as a typical illustration, reference to the part would be “FAR part 9” outside the FAR and “part 9” within the FAR. Reference to the section would be “FAR 9.106” outside the FAR and “9.106” within the FAR.
(e) GSA is responsible for establishing and operating the FAR Regulatory Secretariat to publish and distribute the FAR through the CFR system.
The list of information collections and recordkeeping requirements contained in this regulation have been approved by the Office of Management and Budget (OMB). They can be found at https://www.acquisition.gov/FAR-PRA.
Unless allowed under 41 U.S.C. 1304, the FAR must not require a certification from an offeror or contractor.
(a) Words and terms. (1) Definitions in part 2 apply to the entire regulation unless specifically defined in another part, subpart, section, provision, or clause. Words or terms defined in a specific part, subpart, section, provision, or clause have that meaning when used in that part, subpart, section, provision, or clause.
(2) Undefined words retain their common dictionary meaning.
(b) Delegation of authority. Each authority is delegable unless specifically stated otherwise.
(c) Dollar thresholds. (1) Unless otherwise specified, a specific dollar threshold is the final anticipated dollar value of the action, including the dollar value of all options.
(2) The final anticipated dollar value must be the highest final priced alternative to the Government, including the dollar value of all options, if the action establishes—
(i) A maximum quantity of supplies or services to be acquired;
(ii) A ceiling price; or
(iii) The final price to be based on future events.
(d) Applying FAR changes to solicitations and contracts. Unless otherwise specified—
(1) FAR changes apply to solicitations issued on or after the effective date of the change;
(2) Contracting officers may, at their discretion, include the FAR changes in solicitations issued before the effective date, provided award of the resulting contract(s) occurs on or after the effective date; and
(3) Contracting officers may, at their discretion, include the changes in any existing contract with appropriate consideration.
(e) Citations. When the FAR cites a statute, Executive order, OMB circular, Office of Federal Procurement Policy policy letter, or relevant portion of the CFR, the citation includes all applicable amendments, unless otherwise stated.
(f) Required action. When a sentence directs action, the contracting officer is responsible for the action, unless another party is expressly cited.
The FAR adjusts statutory acquisition-related dollar thresholds for inflation every 5 years. The statute at 41 U.S.C. 1908 establishes the calculation used to escalate the thresholds. The statute also identifies certain thresholds that must not be escalated. A matrix of the most recent calculations is available at https://www.regulations.gov (search FAR Case 2024-001, open the docket folder, and go to the supporting documents file).
(a) Consistent with Executive Order 14275 of April 15, 2025, Restoring Common Sense to Federal Procurement, the FAR Council will seek public input through rulemaking on sections, provisions and clauses of the FAR that are not explicitly required by statute or Executive order prior to their expiration.
(b)(1) Sections, provisions, and clauses in the FAR do not expire until removed from the FAR by rulemaking.
(2) Clauses in a contract remain in effect until removed by contract modification, unless—
(i) The clause by its terms specifies an expiration date; or
(ii)The FAR Council determines that it would be advantageous to contractors to no longer enforce the clause, and publishes a notice in the Federal Register providing that the clause is no longer enforceable.
Titles 40 and 41 of the United States Code were revised and reorganized, as a result of positive law codifications. A table identifying the original “popular name” of the public laws in those titles, and how they are referred to in the FAR, is available at https://www.acquisition.gov/renamingpubliclaws.
Publication of a procurement policy, regulation, procedure or form in the Federal Register must be consistent with 41 U.S.C. 1707.
Subpart 1.2—Agency Acquisition Regulations
(a)(1) An agency head may issue agency acquisition regulations that are necessary to implement the FAR, or to supplement the FAR to satisfy a specific agency need, according to 41 U.S.C. 1303(a)(2). When creating supplemental provisions and clauses, including those for suborganizational or specific contracting office needs, use the sequential numbers starting at 70.
(2) Agency acquisition regulations must not—
(i) Unnecessarily repeat, paraphrase, or otherwise restate material contained in the FAR or higher-level agency acquisition regulations; or
(ii) Conflict or be inconsistent with the FAR, except as required by law or as provided in subpart 1.3.
(b)(1) If required by 41 U.S.C. 1707, agencies must publish their acquisition regulations for comment in the Federal Register . However, publication is not required for issuances that merely implement or supplement higher level issuances that have previously undergone the public comment process, unless such implementation or supplementation results in an additional significant cost or administrative impact on contractors or offerors or effect beyond the internal operating procedures of the issuing organization.
(2) Agencies must comply with other applicable statutes, ( e.g., the Paperwork Reduction Act (44 U.S.C. 3501, et seq. ) and the Regulatory Flexibility Act (5 U.S.C. 601, et seq. )).
(c) An agency head may authorize internal agency guidance at any organizational level ( e.g., designations and delegations of authority, assignments of responsibilities, work-flow procedures, and internal reporting requirements). Internal agency guidance does not need to be published in the Federal Register for comment, unless the agency guidance has a significant effect beyond the internal operating procedures of the agency or creates an additional significant cost or administrative impact on contractors or offerors.
Subpart 1.3—Deviations from the FAR
(a) This subpart prescribes the policies and procedures for authorizing deviations from the FAR.
(b) Exceptions regarding the use of forms prescribed by the FAR are covered in 1.602(d).
Deviation means one or any combination of the following:
(1) Issuing or using a policy, procedure, solicitation provision, contract clause, method, or practice of conducting acquisition actions of any kind at any stage of the acquisition process that is inconsistent with the FAR.
(2) Leaving out any solicitation provision or contract clause when its prescription requires including it.
(3) Using any solicitation provision or contract clause with modified or alternate language that is not authorized by the FAR (see definition of “modification” in 52.101(a)).
(4) Using a solicitation provision or contract clause prescribed by the FAR on a substantially as follows or substantially the same as basis, if such use is inconsistent with the intent, principle, or substance of the prescription or related coverage on the subject matter in the FAR.
(5) Authorizing lesser or greater limitations on the use of any solicitation provision, contract clause, policy, or procedure required by the FAR.
(6) Issuing policies or procedures that control contractual relationships that are not incorporated into agency acquisition regulations according to 1.201(a).
(a) Unless not allowed by law, Executive order, or regulation, agencies may deviate from the FAR as specified in this subpart when necessary to meet an agency's specific needs.
(b) Refer to 31.004 for instructions on deviating from part 31, Contract Cost Principles and Procedures.
(c) Agencies are not authorized to deviate from 30.201-3 and 30.201-4, or the requirements of the Cost Accounting Standards Board (CASB) rules and regulations (48 CFR chapter 99). Refer to 30.201-5 for instructions on deviating from the Cost Accounting Standards.
Individual deviations affect only one contract action. The agency head may authorize individual deviations. The contracting officer must document the justification and agency approval in the contract file.
(a) Class deviations affect more than one contract action. A deviation for any solicitation that will result in multiple contract awards will need to be done as a class deviation. When an agency knows that it will require a class deviation on a permanent basis, it may develop and propose a FAR revision.
(b) Agency heads may authorize class deviations from the FAR. Before they do so, class deviations must be approved by the FAR Council, except where required to implement agency-specific executive or statutory direction. Agencies requesting approval must send the proposed class deviation to the FAR Secretariat at GSARegSec@gsa.gov.
(c) The FAR Council will review and provide a decision to the requesting agency within 5 business days, unless the request is urgent. The FAR Council will decide urgent requests within 24 hours of receipt of the request. Agencies may proceed if they do not receive responses within these time frames.
(d) Agencies must email a copy of each agency-approved class deviation to the FAR Secretariat at GSARegSec@gsa.gov.
(e) The Administrator for Federal Procurement Policy may require the FAR Council to issue deviation guidance to promote uniformity.
(a) Deviations from the FAR that are necessary to comply with a treaty to which the United States is a party are authorized, unless the deviation would be inconsistent with FAR coverage based on a law enacted after the treaty's execution.
(b) Deviations from the FAR that are necessary to comply with an executive agreement ( i.e., a Government-to-Government agreement, including agreements with international organizations, to which the United States is a party) are authorized unless the deviation would be inconsistent with FAR coverage based on law.
Subpart 1.4—Career Development, Contracting Authority, and Responsibilities
The agency head may establish contracting activities and delegate contracting functions to the contracting activities. Per 41 U.S.C. 3102(b), agency heads may mutually agree to—
(a) Delegate contracting functions and responsibilities from one agency to another; and
(b) Create joint or combined offices to exercise acquisition functions and responsibilities.
(a) Only contracting officers may sign, administer, or terminate contracts on behalf of the Government. Contracting officers may bind the Government based on the authority delegated to them. The appointing authority must provide the contracting officer with clear instructions in writing about what they can and cannot do.
(b) Contracting officers have wide latitude to exercise business judgment.
Contracting officers are responsible for—
(a) Before signing a contract—
(1) Ensuring it meets all requirements of law, Executive orders, regulations, and all other applicable procedures, including clearances and approvals; and
(2) Ensuring funds are available for obligation;
(b) Ensuring compliance with the contract terms;
(c) Ensuring offerors and contractors receive impartial, fair, and equitable treatment; and
(d) Requesting and considering the advice of specialists in audit, law, engineering, information security, transportation, and other fields, as appropriate.
(a) 41 U.S.C. 1702(b)(3)(G) requires agency heads to establish and maintain an acquisition career management program, which includes a system to select, appoint, and terminate contracting officers' appointments.
(b) Agency heads or their designees may select and appoint contracting officers and terminate their appointments.
(c) These selections and appointments must be consistent with OFPP standards for skill-based training in performing contracting and purchasing duties as published in OFPP Policy Letter No. 05-01, Developing and Managing the Acquisition Workforce, April 15, 2005, and OFPP Memo dated January 19, 2023, Federal Acquisition Certification in Contracting (FAC-C) Modernization (see https://www.fai.gov/certification/fac-c/contracting-fac-c/fac-c-policy-documents ).
(a)(1) Contracting officers must be appointed in writing, using a Standard Form (SF) 1402, Certificate of Appointment. The certificate must state any limitations placed on the contracting officer's scope of authority, other than limitations contained in applicable law or regulation.
(2) Appointing officials must keep copies of all current appointments.
(b)(1) Agency heads are encouraged to delegate micro-purchase authority to individuals who are employees of an executive agency or members of the Armed Forces of the United States who will use the supplies or services being purchased.
(2) Agency heads must appoint these individuals in writing but are not required to use an SF 1402.
(a) Agency heads must terminate a contracting officer appointment by letter, unless the Certificate of Appointment contains other provisions for automatic termination.
(b) Terminations may occur for reasons such as reassignment, termination of employment, or unsatisfactory performance. Agency heads cannot terminate a contracting officer appointment retroactively.
(a) Designation. (1) The contracting officer's representative (COR) must be nominated either by the requiring activity or according to agency procedures. The contracting officer designates and authorizes a COR in writing and according to agency procedures. See 7.104(b)(6) which directs the COR designation as early as possible.
(2) The COR designation must—
(i) Specify the extent of the COR's authority to act on behalf of the contracting officer;
(ii) Specify the period covered by the designation;
(iii) State the authority cannot be delegated further; and
(iv) State that the COR may be personally liable for unauthorized acts.
(3)(i) Contracting officers may not delegate responsibilities to a COR that are delegated to a contract administration office under 42.202. Contracting officers may assign the COR other duties described at 42.302.
(ii) The contracting officer must communicate the COR's duties clearly and in writing.
(4) The contracting officer must send copies of the COR's designation to the contractor and the contract administration office.
(b) Types of contracts and orders. The contracting officer must assign a COR to all contracts and orders other than firm fixed-price contracts and orders. For firm fixed-price contracts and orders, the contracting officer may assign a COR.
(c) COR Qualifications. The COR—
(1) Must be a Government employee, unless otherwise authorized in agency regulations;
(2) Must be certified and must maintain certification. The certification must align with the current OMB memorandum on the Federal Acquisition Certification for Contracting Officer Representatives (FAC-COR) guidance, or for DoD, according to DoD policy guidance; and
(3) Must be qualified by training and experience.
(d) Lack of authority. A COR has no authority to make any commitments or changes that affect price, quality, quantity, delivery, or other terms and conditions of the contract. The COR must not direct the contractor or its subcontractors to operate in conflict with the contract terms and conditions.
(e) Responsibilities.
(1) A COR assists in the technical monitoring or administration of a contract.
(2) The COR must maintain a file for each assigned contract. The file must include, at a minimum—
(i) A copy of the contracting officer's letter of designation and other documents describing the COR's duties and responsibilities; and
(ii) Documentation of COR actions taken according to the delegation of authority.
(a) Definitions.
As used in this section—
Ratification means the act of approving an unauthorized commitment by an official who has the authority to do so.
Unauthorized commitment means an agreement that is not binding solely because the Government representative who made it lacked the authority to enter into that agreement on behalf of the Government.
(b) Policy. (1) Agencies should take actions to avoid the need for ratifications.
(2)(i) The head of the contracting activity may ratify an unauthorized commitment, subject to the criteria in paragraph (c).
(ii) Agencies may delegate the authority to ratify an unauthorized commitment. Agencies cannot delegate this authority below the level of the chief of the contracting office.
(3) Unauthorized commitments which involve claims subject to resolution under 41 U.S.C. chapter 71, Contract Disputes, should be processed under subpart 33.2, Disputes and Appeals.
(c) Criteria. Agencies may use the authority in paragraph (b)(2) of this section only when—
(1) The Government accepted supplies or services from the contractor, or the Government received a benefit from performance of the unauthorized commitment;
(2) The ratifying official has the authority to enter into a contractual commitment;
(3) The resulting contract would otherwise have been proper if made by an authorized contracting officer;
(4) The contracting officer reviewing the unauthorized commitment determines the price to be fair and reasonable;
(5) The contracting officer recommends payment, and legal counsel concurs with the recommendation, unless agency procedures expressly do not require legal counsel concurrence; and
(6) Funds are available and were available at the time the unauthorized commitment was made.
(d) Nonratifiable commitments. Actions that do not meet the criteria in paragraph (c) of this section may be subject to resolution according to 31 U.S.C. 3702, or as authorized by subpart 50.1.
Subpart 1.5—Determination and Findings
This subpart prescribes general policies and procedures for using a determination and findings (D&F).
(a)(1) Ordinarily, a D&F applies to an individual contract action. Unless otherwise prohibited, agencies may execute class D&Fs for classes of contract actions (see 1.502). The approval granted by a D&F is restricted to the proposed contract action(s) reasonably described in that D&F. D&Fs may provide for a reasonable degree of flexibility.
(2) Unless the D&F states otherwise, reasonable variations in estimated quantities or prices are permitted.
(b) When an option is anticipated, the D&F must state the approximate quantity to be awarded at first and the extent of the increase the option permits.
(a) A class D&F provides authority for a class of contract actions. A class may consist of contract actions for the same or related supplies, services, or other contract actions that require essentially identical justification.
(b)(1) The findings in a class D&F must fully support the proposed action either for the class as a whole or for each action. A class D&F must be for a specified period, with the expiration date stated in the document.
(2) When a solicitation has been provided to prospective offerors before the expiration date, the authority under the D&F will continue until award of the contract(s) resulting from that solicitation.
(c) The contracting officer must ensure that individual actions taken under the authority of a class D&F are within the scope of the D&F.
At a minimum, each D&F must include the following information:
(a) Identification of the agency and the contracting activity and specific identification of the document as a Determination and Findings.
(b) Description of the action being approved.
(c) Citation to the appropriate statute or regulation upon which the D&F is based.
(d) Findings that detail the particular circumstances, facts, or reasoning essential to support the determination. Necessary supporting documentation must come from appropriate requirements and technical personnel.
(e) A determination based on the findings that the proposed action is justified under the applicable statute or regulation.
(f) For class D&Fs, an expiration date.
(g) The signature of the official authorized to sign the D&F and the date signed.
(a) If a D&F is replaced by another D&F, that action will not invalidate any action taken under the original D&F before the date of its replacement.
(b) The contracting officer is not required to cancel the solicitation if the modified D&F supports the contract action.
Subpart 1.6—Forms
As used in this subpart—
Exception means an approved departure from the established design, content, or conditions for use of any standard form.
(a) Requirements. The requirements for using the forms are contained in parts 1 through 52, where the subject matter applicable to each form is addressed.
(b) Forms list. A list of the standard forms, optional forms (OF), and agency forms specified by the FAR for use in acquisitions is available at https://acquisition.gov/FARforms. The list identifies the forms' current edition location, FAR part requirement, and prescribing agency.
(c) Continuation sheets. Standard forms prescribed in the FAR may be continued on plain paper of similar specification, or specially constructed continuation sheets ( i.e., OF 336). Continuation sheets must include both the reference number of the document being continued and the serial page number in the upper right hand corner.
(d) Exceptions. Agencies must obtain an exception from—
(1) The FAR Council for standard forms prescribed by the FAR; or
(2) The prescribing agency for agency-specific forms.
The forms prescribed in the FAR may be computer generated without obtaining an exception (see 1.602(d)), provided that—
(a) There is no change to the name, content, or sequence of the data elements, and the form carries its number and edition date; or
(b) The form is in an electronic format covered by the American National Standards Institute X12 Standards published by the Accredited Standards Committee X12 on Electronic Data Interchange or a format that can be translated into one of those standards.
(a) Public. FAR users may recommend new forms or revisions, elimination, or consolidation of existing forms identified on the forms list (see 1.602(b)). These recommendations should be submitted to the FAR Secretariat.
(b) Government. Recommendations from within an executive agency must be submitted to the Civilian Agency Acquisition Council or the Defense Acquisition Regulations Council in accordance with agency procedures.
Insert the clause at 52.201-2, Computer Generated Forms, in solicitations and contracts, including those for commercial products and commercial services, that require the contractor to submit data on standard forms or optional forms; and, unless prohibited by agency regulations, forms prescribed by agency supplements.
PART 2—DEFINITIONS AND ACRONYMS
Sec. 2.000 Scope of part. Subpart 2.1—Definitions, Acronyms, and Abbreviations 2.101 Definitions. 2.102 Acronyms and abbreviations. 2.103 Contract clause.
Authority:
41 U.S.C. 1121(b); 40 U.S.C. 121(c); 10 U.S.C. chapter 4 and 10 U.S.C. chapter 137 legacy provisions (see 10 U.S.C. 3016); and 51 U.S.C. 20113.
(a) This part—
(1) Defines words and terms that are frequently used in the FAR);
(2) Provides cross-references to other definitions in the FAR of the same word or term; and
(3) Provides for the incorporation of these definitions in solicitations and contracts by reference.
(b) Other parts, subparts, and sections of this regulation (48 CFR chapter 1) may define other words or terms and those definitions only apply to the part, subpart, or section where the word or term is defined.
Subpart 2.1—Definitions, Acronyms, and Abbreviations
A word or a term, defined in this section, has the same meaning throughout the FAR unless the context in which the word or term is used clearly requires a different meaning or another FAR part, subpart, or section provides a different definition for the particular part or portion of the part. If a word or term that is defined in this section is defined differently in another part, subpart, or section of this chapter, the definition in this section includes a cross-reference to the other definitions and that part, subpart, or section applies to the word or term when used in that part, subpart, or section.
Acquisition means the acquiring by contract with appropriated funds of supplies or services (including construction) by and for the use of the Federal Government through purchase or lease, whether the supplies or services are already in existence or must be created, developed, demonstrated, and evaluated. Acquisition begins at the point when agency needs are established and includes the description of requirements to satisfy agency needs, solicitation and selection of sources, award of contracts, contract financing, contract performance, contract administration, and those technical and management functions directly related to the process of fulfilling agency needs by contract.
Acquisition planning means the process by which the efforts of all personnel responsible for an acquisition are coordinated and integrated through a comprehensive plan for fulfilling the agency need in a timely manner and at a reasonable cost. It includes developing the overall strategy for managing the acquisition.
Adequate evidence means information sufficient to support the reasonable belief that a particular act or omission has occurred.
Advisory and assistance services (A&AS) means those services provided under contract by nongovernmental sources to support or improve: organizational policy development; decision-making; management and administration; program and/or project management and administration; or R&D activities. It can also mean the furnishing of professional advice or assistance rendered to improve the effectiveness of Federal management processes or procedures (including those of an engineering and technical nature). In rendering the foregoing services, outputs may take the form of information, advice, opinions, alternatives, analyses, evaluations, recommendations, training and the day-to-day aid of support personnel needed for the successful performance of ongoing Federal operations. All advisory and assistance services are classified in one of the following definitional subdivisions:
(1) Management and professional support services, i.e., contractual services that provide assistance, advice or training for the efficient and effective management and operation of organizations, activities (including management and support services for R&D activities), or systems. These services are normally closely related to the basic responsibilities and mission of the agency originating the requirement for the acquisition of services by contract. Included are efforts that support or contribute to improved organization of program management, logistics management, project monitoring and reporting, data collection, budgeting, accounting, performance auditing, and administrative technical support for conferences and training programs.
(2) Studies, analyses and evaluations, i.e., contracted services that provide organized, analytical assessments/evaluations in support of policy development, decision-making, management, or administration. Included are studies in support of R&D activities. Also included are acquisitions of models, methodologies, and related software supporting studies, analyses or evaluations.
(3) Engineering and technical services, i.e., contractual services used to support the program office during the acquisition cycle by providing such services as systems engineering and technical direction (see 9.505-1(b)) to ensure the effective operation and maintenance of a weapon system or major system as defined in OMB Circular No. A-109 or to provide direct support of a weapon system that is essential to research, development, production, operation or maintenance of the system.
Affiliates means associated business concerns or individuals if, directly or indirectly either one controls or can control the other; or third party controls or can control both, except as follows:
(1) For use in subpart 9.4, see the definition at 9.403.
(2) For use of affiliates in size determinations, see the definition of “small business concern” in this section.
Agency head or head of the agency means the Secretary, Attorney General, Administrator, Governor, Chairperson, or other chief official of an executive agency, unless otherwise indicated, including any deputy or assistant chief official of an executive agency.
Alternate means a substantive variation of a basic provision or clause prescribed for use in a defined circumstance. It adds wording to, deletes wording from, or substitutes specified wording for a portion of the basic provision or clause. The alternate version of a provision or clause is the basic provision or clause as changed by the addition, deletion, or substitution (see 52.105(a)).
Architect-engineer services, as defined in 40 U.S.C. 1102, means—
(1) Professional services of an architectural or engineering nature, as defined by State law, if applicable, that are required to be performed or approved by a person licensed, registered, or certified to provide those services;
(2) Professional services of an architectural or engineering nature performed by contract that are associated with research, planning, development, design, construction, alteration, or repair of real property; and
(3) Those other professional services of an architectural or engineering nature, or incidental services, that members of the architectural and engineering professions (and individuals in their employ) may logically or justifiably perform, including studies, investigations, surveying and mapping, tests, evaluations, consultations, comprehensive planning, program management, conceptual designs, plans and specifications, value engineering, construction phase services, soils engineering, drawing reviews, preparation of operating and maintenance manuals, and other related services.
Assignment of claims means the transfer or making over by the contractor to a bank, trust company, or other financing institution, as security for a loan to the contractor, of its right to be paid by the Government for contract performance.
Assisted acquisition means a type of interagency acquisition where a servicing agency performs acquisition activities on a requesting agency's behalf, such as awarding and administering a contract, task order, or delivery order.
Basic research means that research directed toward increasing knowledge in science. The primary aim of basic research is a fuller knowledge or understanding of the subject under study, rather than any practical application of that knowledge.
Best value means the expected outcome of an acquisition that, in the Government's estimation, provides the greatest overall benefit in response to the requirement.
Bid sample means a product sample required to be submitted by an offeror to show characteristics of the offered products that cannot adequately be described by specifications, purchase descriptions, or the solicitation ( e.g., balance, facility of use, or pattern).
Biobased product means a product determined by the U.S. Department of Agriculture to be a commercial product or industrial product (other than food or feed) that is composed, in whole or in significant part, of biological products, including renewable domestic agricultural materials and forestry materials, or that is an intermediate ingredient or feedstock. The term includes, with respect to forestry materials, forest products that meet biobased content requirements, notwithstanding the market share the product holds, the age of the product, or whether the market for the product is new or emerging. (7 U.S.C. 8101) (7 CFR 4270.2).
Broad agency announcement (BAA) means a general announcement of an agency's research interest including criteria for selecting proposals and soliciting the participation of all offerors capable of satisfying the Government's needs.
Building or work means construction activity as distinguished from manufacturing, furnishing of materials, or servicing and maintenance work. The terms include, without limitation, buildings, structures, and improvements of all types, such as bridges, dams, plants, highways, parkways, streets, subways, tunnels, sewers, mains, power lines, pumping stations, heavy generators, railways, airports, terminals, docks, piers, wharves, ways, lighthouses, buoys, jetties, breakwaters, levees, canals, dredging, shoring, rehabilitation and reactivation of plants, scaffolding, drilling, blasting, excavating, clearing, and landscaping. The manufacture or furnishing of materials, articles, supplies, or equipment (whether or not a Federal or State agency acquires title to such materials, articles, supplies, or equipment during the course of the manufacture or furnishing, or owns the materials from which they are manufactured or furnished) is not “building” or “work” within the meaning of this definition unless conducted in connection with and at the site of such building or work as is described in the foregoing sentence, or under the United States Housing Act of 1937 and the Housing Act of 1949 in the construction or development of the project.
Bundling—
(1) Means a subset of consolidation that combines two or more requirements for supplies or services, previously provided or performed under separate smaller contracts (see paragraph (2) of this definition), into a solicitation for a single contract, a multiple-award contract, or a task or delivery order that is likely to be unsuitable for award to a small business concern (even if it is suitable for award to a small business with a Small Business Teaming Arrangement) due to—
(i) The diversity, size, or specialized nature of the elements of the performance specified;
(ii) The aggregate dollar value of the anticipated award;
(iii) The geographical dispersion of the contract performance sites; or
(iv) Any combination of the factors described in paragraphs (1)(i), (ii), and (iii) of this definition.
(2) “Separate smaller contract” as used in this definition, means a contract that has been performed by one or more small business concerns or that was suitable for award to one or more small business concerns.
Business unit means any segment of an organization, or an entire business organization that is not divided into segments.
Certified cost or pricing data means “cost or pricing data” that were required to be submitted in accordance with FAR 15.403-3 and have been certified, or are required to be certified, in accordance with 15.403-4. This certification states that, to the best of the person's knowledge and belief, the cost or pricing data are accurate, complete, and current as of a date certain before contract award. Cost or pricing data are required to be certified in certain procurements (10 U.S.C. chapter 271 and 41 U.S.C. chapter 35).
Change-of-name agreement means a legal instrument executed by the contractor and the Government that recognizes the legal change of name of the contractor without disturbing the original contractual rights and obligations of the parties.
Change order means a written order, signed by the contracting officer, directing the contractor to make a change that the Changes clause authorizes the contracting officer to order without the contractor's consent.
Chief Acquisition Officer means an executive level acquisition official responsible for agency performance of acquisition activities and acquisition programs created pursuant to 41 U.S.C. 1702.
Chief of mission means the principal officer in charge of a diplomatic mission of the United States or of a United States office abroad which is designated by the Secretary of State as diplomatic in nature, including any individual assigned under section 502(c) of the Foreign Service Act of 1980 (Public Law 96-465) to be temporarily in charge of such a mission or office.
Claim means a written demand or written assertion by one of the contracting parties seeking, as a matter of right, the payment of money in a sum certain, the adjustment or interpretation of contract terms, or other relief arising under or relating to the contract. However, a written demand or written assertion by the contractor seeking the payment of money exceeding $100,000 is not a claim under 41 U.S.C. chapter 71, Contract Disputes, until certified as required by the statute. A voucher, invoice, or other routine request for payment that is not in dispute when submitted is not a claim. The submission may be converted to a claim, by written notice to the contracting officer, if it is disputed either as to liability or amount or is not acted upon in a reasonable time.
Classified acquisition means an acquisition in which offerors must have access to classified information to properly submit an offer or quotation, to understand the performance requirements, or to perform the contract.
Classified contract means any contract in which the contractor or its employees must have access to classified information during contract performance. A contract may be a classified contract even though the contract document itself is unclassified.
Classified information means any knowledge that can be communicated or any documentary material, regardless of its physical form or characteristics, that—
(1)(i) Is owned by, is produced by or for, or is under the control of the United States Government; or
(ii) Has been classified by the Department of Energy as privately generated restricted data following the procedures in 10 CFR 1045.21; and
(2) Must be protected against unauthorized disclosure according to Executive Order 12958, Classified National Security Information, April 17, 1995, or classified in accordance with the Atomic Energy Act of 1954.
Cognizant Federal agency means the Federal agency that, on behalf of all Federal agencies, is responsible for establishing final indirect cost rates and forward pricing rates, if applicable, and administering cost accounting standards for all contracts in a business unit.
Combatant commander means the commander of a unified or specified combatant command established in accordance with 10 U.S.C. 161.
Commercial and Government Entity (CAGE) code means—
(1) An identifier assigned to entities located in the United States or its outlying areas by the Defense Logistics Agency (DLA) Commercial and Government Entity (CAGE) Branch to identify a commercial or government entity by unique location; or
(2) An identifier assigned by a member of the North Atlantic Treaty Organization (NATO) or by the NATO Support and Procurement Agency (NSPA) to entities located outside the United States and its outlying areas that the DLA Commercial and Government Entity (CAGE) Branch records and maintains in the CAGE master file. This type of code is known as a NATO CAGE (NCAGE) code.
Commercial component means any component that is a commercial product.
Commercial computer software means software developed or regularly used for nongovernmental purposes which—
(1) Has been sold, leased, or licensed to the public;
(2) Has been offered for sale, lease, or license to the public;
(3) Has not been offered, sold, leased, or licensed to the public but will be available for commercial sale, lease, or license in time to satisfy the delivery requirements of this contract; or
(4) Satisfies a criterion expressed in paragraph (1), (2), or (3) of this definition and would require only minor modification to meet the requirements of this contract.
Commercial product means—
(1) A product, other than real property, that is of a type customarily used by the general public or by nongovernmental entities for purposes other than governmental purposes ( i.e., purposes that are not unique to a government), and—
(i) Has been sold, leased, or licensed to the general public; or
(ii) Has been offered for sale, lease, or license to the general public;
(2) A product that evolved from a product described in paragraph (1) of this definition through advances in technology or performance and that is not yet available in the commercial marketplace, but will be available in the commercial marketplace in time to satisfy the delivery requirements under a Government solicitation;
(3) A product that would satisfy a criterion expressed in paragraph (1) or (2) of this definition, except for—
(i) Modifications of a type customarily available in the commercial marketplace; or
(ii) Minor modifications of a type not customarily available in the commercial marketplace made to meet Federal Government requirements. A minor modification does not significantly alter the function or essential physical characteristics of an item or component, or change the purpose of a process.
(4) Any combination of products meeting the requirements of paragraph (1), (2), or (3) of this definition that are of a type customarily combined and sold in combination to the general public;
(5) A product, or combination of products, referred to in paragraphs (1) through (4) of this definition, even though the product, or combination of products, is transferred between or among separate divisions, subsidiaries, or affiliates of a contractor; or
(6) A nondevelopmental item-developed exclusively at private expense and sold in substantial quantities, on a competitive basis, to multiple State and local governments or to multiple foreign governments.
Commercial service means—
(1) Installation services, maintenance services, repair services, training services, and other services if—
(i) Such services are procured for support of a commercial product, as defined in this section, regardless of whether such services are provided by the same source or at the same time as the commercial product; and
(ii) The source of such services provides similar services at the same time to the general public under terms and conditions similar to those offered to the Government;
(2) Services, including construction, of a type offered and sold competitively in substantial quantities in the commercial marketplace based on established catalog or market prices for specific tasks performed or specific outcomes to be achieved and under standard commercial terms and conditions. For purposes of these services—
(i) Catalog price means a price included in a catalog, price list, schedule, or other form that the manufacturer or vendor regularly maintains, customers can inspect, is either published or otherwise available for inspection by customers, and states prices at which sales are currently, or were last, made to a significant number of buyers constituting the general public; and
(ii) Market prices means current prices that are established in the course of ordinary trade between buyers and sellers free to bargain and that can be substantiated through competition or from sources independent of the offerors; or
(3) A service referred to in paragraph (1) or (2) of this definition, even though the service is transferred between or among separate divisions, subsidiaries, or affiliates of a contractor.
Commercially available off-the-shelf (COTS) item—
(1) Means any item of supply that is—
(i) A commercial product (as defined in paragraph (1) of the definition of “commercial product” in this section);
(ii) Sold in substantial quantities in the commercial marketplace; and
(iii) Offered to the Government without modification, in the same form in which it is sold in the commercial marketplace; but
(2) Does not include bulk cargo, as defined in 46 U.S.C. 40102(4), such as agricultural products and petroleum products.
Common item means material that is common to the applicable Government contract and the contractor's other work, except that for use in the clause at 52.246-26, see the definition in paragraph (a) of that clause.
Component means any item supplied to the Government as part of an end item or of another component, except that for use in—
(1) Part 25, see the definition in 25.002;
(2) 52.225-1 and 52.225-3, see the definition in 52.225-1(a) and 52.225-3(a);
(3) 52.225-9 and 52.225-11, see the definition in 52.225-9(a) and 52.225-11(a); and
(4) 52.225-21 and 52.225-23, see the definition in 52.225-21(a) and 52.225-23(a).
Computer database or database means a collection of recorded information in a form capable of, and for the purpose of, being stored in, processed, and operated on by a computer. The term does not include computer software.
Computer software means computer programs, source code, source code listings, object code listings, design details, algorithms, processes, flow charts, formulae and related material that would enable the software to be reproduced, recreated, or recompiled. Computer software does not include computer databases or computer software documentation.
Computer software documentation means owner's manuals, user's manuals, installation instructions, operating instructions, and other similar items, regardless of storage medium, that explain the capabilities of the computer software or provide instructions for using the software.
Consent to subcontract means the contracting officer's written consent for the prime contractor to enter into a particular subcontract.
Consolidation or consolidated requirement—
(1) Means a solicitation for a single contract, a multiple-award contract, a task order, or a delivery order to satisfy—
(i) Two or more requirements of the Federal agency for supplies or services that have been provided to or performed for the Federal agency under two or more separate contracts, each of which was lower in cost than the total cost of the contract for which offers are solicited, the total cost of which exceeds $2 million (including options); or
(ii) Requirements of the Federal agency for construction projects to be performed at two or more discrete sites.
(2) Separate contract as used in this definition, means a contract that has been performed by any business, including small and other than small business concerns.
Construction means construction, alteration, or repair (including dredging, excavating, and painting) of buildings, structures, or other real property. For purposes of this definition, the terms “buildings, structures, or other real property” include, but are not limited to, improvements of all types, such as bridges, dams, plants, highways, parkways, streets, subways, tunnels, sewers, mains, power lines, cemeteries, pumping stations, railways, airport facilities, terminals, docks, piers, wharves, ways, lighthouses, buoys, jetties, breakwaters, levees, canals, and channels. Construction does not include the manufacture, production, furnishing, construction, alteration, repair, processing, or assembling of vessels, aircraft, or other kinds of personal property (except that for use in subpart 22.5, see the definition at 22.501).
Contiguous United States (CONUS) means the 48 contiguous States and the District of Columbia.
Contingency operation (10 U.S.C. 101(a)(13)) means a military operation that—
(1) Is designated by the Secretary of Defense as an operation in which members of the armed forces are or may become involved in military actions, operations, or hostilities against an enemy of the United States or against an opposing military force; or
(2) Results in the call or order to, or retention on, active duty of members of the uniformed services under sections 688, 12301(a), 12302, 12304, 12304a, 12305, or 12406 of title 10 of the United States Code, Chapter 13 of title 10 of the United States Code, and section 3713 of title 14 of the United States Code, or any other provision of law during a war or during a national emergency declared by the President or Congress.
Continued portion of the contract means the portion of a contract that the contractor must continue to perform following a partial termination.
Contract means a mutually binding legal relationship obligating the seller to furnish the supplies or services (including construction) and the buyer to pay for them. It includes all types of commitments that obligate the Government to an expenditure of appropriated funds and that, except as otherwise authorized, are in writing. In addition to bilateral instruments, contracts include (but are not limited to) awards and notices of awards; job orders or task letters issued under basic ordering agreements; letter contracts; orders, such as purchase orders, under which the contract becomes effective by written acceptance or performance; and bilateral contract modifications. Contracts do not include grants and cooperative agreements covered by 31 U.S.C. 6301, et seq. For discussion of various types of contracts, see part 16.
Contract administration office (CAO) means an office that performs—
(1) Assigned postaward functions related to the administration of contracts; and
(2) Assigned preaward functions.
Contract clause or clause means a term or condition used in contracts or in both solicitations and contracts, and applying after contract award or both before and after award.
Contract modification means any written change in the terms of a contract (see 43.203).
Contracting means purchasing, renting, leasing, or otherwise obtaining supplies or services from nonfederal sources. Contracting includes description (but not determination) of supplies and services required, selection and solicitation of sources, preparation and award of contracts, and all phases of contract administration. It does not include making grants or cooperative agreements.
Contracting activity means an element of an agency designated by the agency head and delegated broad authority regarding acquisition functions.
Contracting office means an office that awards or executes a contract for supplies or services and performs postaward functions not assigned to a contract administration office (except for use in part 42, see 42.1401).
Contracting officer means a person with the authority to enter into, administer, and/or terminate contracts and make related determinations and findings. The term includes certain authorized representatives of the contracting officer acting within the limits of their authority as delegated by the contracting officer. “Administrative contracting officer (ACO)” refers to a contracting officer who is administering contracts. “Termination contracting officer (TCO)” refers to a contracting officer who is settling terminated contracts. A single contracting officer may be responsible for duties in any or all of these areas. Reference in this regulation (48 CFR chapter 1) to administrative contracting officer or termination contracting officer does not—
(1) Require that a duty be performed at a particular office or activity; or
(2) Restrict in any way a contracting officer in the performance of any duty properly assigned.
Contracting officer's representative (COR) means an individual, including a contracting officer's technical representative (COTR), designated and authorized in writing by the contracting officer to perform specific technical or administrative functions.
Controlled unclassified information (CUI) means information that the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Governmentwide policy requires or permits an agency to handle using safeguarding or dissemination controls. CUI does not include—
(1) Information that a Contractor possesses in its own system that did not come from, or was not created or possessed by or for, an executive branch agency or an entity acting for an agency (see 32 CFR 2002.4); or
(2) Federally-funded basic and applied research at colleges, universities, and laboratories in accordance with National Security Decision Directive 189; or
(3) Information a Contractor creates or possesses that a law, regulation, or Governmentwide policy does not specifically require the Contractor to handle using safeguarding or dissemination controls.
Conviction means a judgment or conviction of a criminal offense by any court of competent jurisdiction, whether entered upon a verdict or a plea, and includes a conviction entered upon a plea of nolo contendere. For use in subpart 9.4, see the definition at 9.403. For use in subpart 26.5, see the definition at 26.502.
Cost or pricing data (10 U.S.C. 3701(1) and 41 U.S.C. chapter 35) means all facts that, as of the date of price agreement, or, if applicable, an earlier date agreed upon between the parties that is as close as practicable to the date of agreement on price, prudent buyers and sellers would reasonably expect to affect price negotiations significantly. Cost or pricing data are factual, not judgmental; and are verifiable. While they do not indicate the accuracy of the prospective contractor's judgment about estimated future costs or projections, they do include the data forming the basis for that judgment. Cost or pricing data are more than historical accounting data; they are all the facts that can be reasonably expected to contribute to the soundness of estimates of future costs and to the validity of determinations of costs already incurred. They also include, but are not limited to, such factors as—
(1) Vendor quotations;
(2) Nonrecurring costs;
(3) Information on changes in production methods and in production or purchasing volume;
(4) Data supporting projections of business prospects and objectives and related operations costs;
(5) Unit-cost trends such as those associated with labor efficiency;
(6) Make-or-buy decisions;
(7) Estimated resources to attain business goals; and
(8) Information on management decisions that could have a significant bearing on costs.
Cost realism means that the costs in an offeror's proposal—
(1) Are realistic for the work to be performed;
(2) Reflect a clear understanding of the requirements; and
(3) Are consistent with the various elements of the offeror's technical proposal.
Cost sharing means an explicit arrangement under which the contractor bears some of the burden of reasonable, allocable, and allowable contract cost.
Covered territory business, as defined at 15 U.S.C. 632(ff) and 13 CFR 125.1, means a small business concern that has its principal office located in the United States Virgin Islands, American Samoa, Guam, or the Commonwealth of the Northern Mariana Islands.
Customs territory of the United States means the 50 States, the District of Columbia, and Puerto Rico.
Data other than certified cost or pricing data means pricing data, cost data, and judgmental information necessary for the contracting officer to determine a fair and reasonable price or to determine cost realism. Such data may include the identical types of data as certified cost or pricing data, consistent with Table 15-1 of 15.408, but without the certification. The data may also include, for example, sales data and any information reasonably required to explain the offeror's estimating process, including, but not limited to—
(1) The judgmental factors applied and the mathematical or other methods used in the estimate, including those used in projecting from known data; and
(2) The nature and amount of any contingencies included in the proposed price.
Day means, unless otherwise specified, a calendar day.
Debarment means action taken by a suspending and debarring official under 9.406 to exclude a contractor from Government contracting and Government-approved subcontracting for a reasonable, specified period; a contractor that is “debarred” is excluded.
Delivery order means an order for supplies placed against an established contract or with Government sources.
Depreciation means a charge to current operations that distributes the cost of a tangible capital asset, less estimated residual value, over the estimated useful life of the asset in a systematic and logical manner. It does not involve a process of valuation. Useful life refers to the prospective period of economic usefulness in a particular contractor's operations as distinguished from physical life; it is evidenced by the actual or estimated retirement and replacement practice of the contractor.
Descriptive literature means information provided by an offeror, such as cuts, illustrations, drawings, and brochures, that shows a product's characteristics or construction of a product or explains its operation. The term includes only that information needed to evaluate the acceptability of the product and excludes other information for operating or maintaining the product.
Determination and findings (D&F) means a special form of written approval by an authorized official that is required by statute or regulation before taking certain contract actions. The determination is a conclusion or decision supported by the findings. The findings are statements of fact or reasons essential to support the determination and must cover each requirement of the statute or regulation.
Direct acquisition means a type of interagency acquisition where a requesting agency places an order directly against a servicing agency's indefinite-delivery contract. The servicing agency manages the indefinite-delivery contract but does not participate in the placement or administration of an order.
Direct cost means any cost that is identified specifically with a particular final cost objective. Direct costs are not limited to items that are incorporated in the end product as material or labor. Costs identified specifically with a contract are direct costs of that contract. All costs identified specifically with other final cost objectives of the contractor are direct costs of those cost objectives.
Drug-free workplace means the site(s) for the performance of work done by the contractor in connection with a specific contract where employees of the contractor are prohibited from engaging in the unlawful manufacture, distribution, dispensing, possession, or use of a controlled substance.
Earned value management system (EVMS) means a project management tool that effectively integrates the project scope of work with cost, schedule and performance elements for optimum project planning and control. The qualities and operating characteristics of an earned value management system are described in Electronic Industries Alliance Standard 748 (EIA-748), Earned Value Management Systems. (See OMB Circular A-11, Part 7.)
Economically disadvantaged women-owned small business (EDWOSB) concern —(see definition of Women-Owned Small Business (WOSB) Program in this section).
Effective date of termination means the date on which the notice of termination requires the contractor to stop performance under the contract. If the contractor receives the termination notice after the date fixed for termination, then the effective date of termination means the date the contractor receives the notice.
Electronic commerce means electronic techniques for accomplishing business transactions including electronic mail or messaging, World Wide Web technology, electronic bulletin boards, purchase cards, electronic funds transfer, and electronic data interchange 41 U.S.C. 2301.
Electronic data interchange means a technique for electronically transferring and storing formatted information between computers utilizing established and published formats and codes, as authorized by the applicable Federal Information Processing Standards.
Electronic Funds Transfer (EFT) means any transfer of funds, other than a transaction originated by cash, check, or similar paper instrument, that is initiated through an electronic terminal, telephone, computer, or magnetic tape, for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit an account. The term includes Automated Clearing House transfers, Fedwire transfers, and transfers made at automatic teller machines and point-of-sale terminals. For purposes of compliance with 31 U.S.C. 3332 and implementing regulations at 31 CFR part 208, the term “electronic funds transfer” includes a Governmentwide commercial purchase card transaction.
Electronic Funds Transfer (EFT) indicator means a four-character suffix to the unique entity identifier. The suffix is assigned at the discretion of the commercial, nonprofit, or Government entity to establish additional System for Award Management records for identifying alternative EFT accounts (see subpart 32.11) for the same entity.
Emergency means any occasion or instance for which, in the determination of the President, Federal assistance is needed to supplement State and local efforts and capabilities to save lives and to protect property and public health and safety, or to lessen or avert the threat of a catastrophe in any part of the United States (42 U.S.C. 5122).
End product means supplies delivered under a line item of a Government contract, except for use in part 25 and the associated clauses at 52.225-1, 52.225-3, and 52.225-5, see the definitions in 25.002, 52.225-1(a), 52.225-3(a), and 52.225-5(a).
Excess personal property means any personal property under the control of a Federal agency that the agency head determines is not required for its needs or for the discharge of its responsibilities.
Executive agency means an executive department, a military department, or any independent establishment within the meaning of 5 U.S.C. 101, 102, and 104(1), respectively, and any wholly owned Government corporation within the meaning of 31 U.S.C. 9101.
Facilities capital cost of money means “cost of money as an element of the cost of facilities capital” as used at 48 CFR 9904.414—Cost Accounting Standard—Cost of Money as an Element of the Cost of Facilities Capital.
Federal agency means any executive agency or any independent establishment in the legislative or judicial branch of the Government (except the Senate, the House of Representatives, the Architect of the Capitol, and any activities under the Architect's direction).
Federally-controlled facilities means—
(1) Federally-owned buildings or leased space, whether for single or multi-tenant occupancy, and its grounds and approaches, all or any portion of which is under the jurisdiction, custody or control of a department or agency;
(2) Federally-controlled commercial space shared with non-government tenants. For example, if a department or agency leased the 10th floor of a commercial building, the Directive applies to the 10th floor only;
(3) Government-owned, contractor-operated facilities, including laboratories engaged in national defense research and production activities; and
(4) Facilities under a management and operating contract, such as for the operation, maintenance, or support of a Government-owned or Government-controlled research, development, special production, or testing establishment.
Federally Funded Research and Development Centers (FFRDCs) means activities that are sponsored under a broad charter by a Government agency (or agencies) for the purpose of performing, analyzing, integrating, supporting, and/or managing basic or applied research and/or development, and that receive 70 percent or more of their financial support from the Government; and—
(1) A long-term relationship is contemplated;
(2) Most or all of the facilities are owned or funded by the Government; and
(3) The FFRDC has access to Government and supplier data, employees, and facilities beyond that common in a normal contractual relationship.
Federal information system (FIS) means an information system used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency (40 U.S.C. 11331).
Final indirect cost rate means the indirect cost rate established and agreed upon by the Government and the contractor as not subject to change. It is usually established after the close of the contractor's fiscal year (unless the parties decide upon a different period) to which it applies. For cost-reimbursement research and development contracts with educational institutions, it may be predetermined; that is, established for a future period on the basis of cost experience with similar contracts, together with supporting data.
First article means a preproduction model, initial production sample, test sample, first lot, pilot lot, or pilot models.
First article testing means testing and evaluating the first article for conformance with specified contract requirements before or in the initial stage of production.
F.o.b. means free on board. This term is used in conjunction with a physical point to determine—
(1) The responsibility and basis for payment of freight charges; and
(2) Unless otherwise agreed, the point where title for goods passes to the buyer or consignee.
F.o.b. destination means free on board at destination; i.e., the seller or consignor delivers the goods on seller's or consignor's conveyance at destination. Unless the contract provides otherwise, the seller or consignor is responsible for the cost of shipping and risk of loss. For use in the clause at 52.247-34, see the definition at 52.247-34(a).
F.o.b. origin means free on board at origin; i.e., the seller or consignor places the goods on the conveyance. Unless the contract provides otherwise, the buyer or consignee is responsible for the cost of shipping and risk of loss. For use in the clause at 52.247-29, see the definition at 52.247-29(a).
Forward pricing rate agreement means a written agreement negotiated between a contractor and the Government to make certain rates available during a specified period for use in pricing contracts or modifications. These rates represent reasonable projections of specific costs that are not easily estimated for, identified with, or generated by a specific contract, contract end item, or task. These projections may include rates for such things as labor, indirect costs, material obsolescence and usage, spare parts provisioning, and material handling.
Forward pricing rate recommendation means a rate set unilaterally by the administrative contracting officer for use by the Government in negotiations or other contract actions when forward pricing rate agreement negotiations have not been completed or when the contractor will not agree to a forward pricing rate agreement.
Freight means supplies, goods, and transportable property.
Full and open competition, when used with respect to a contract action, means that all responsible sources are permitted to compete.
General and administrative (G&A) expense means any management, financial, and other expense which is incurred by or allocated to a business unit and which is for the general management and administration of the business unit as a whole. G&A expense does not include those management expenses whose beneficial or causal relationship to cost objectives can be more directly measured by a base other than a cost input base representing the total activity of a business unit during a cost accounting period.
Governmentwide acquisition contract (GWAC) means a task-order or delivery-order contract for information technology established by one agency for Governmentwide use that is operated—
(1) By an executive agent designated by the Office of Management and Budget pursuant to 40 U.S.C. 11302(e); or
(2) Under a delegation of procurement authority issued by the General Services Administration (GSA) prior to August 7, 1996, under authority granted GSA by former section 40 U.S.C. 759, repealed by Public Law 104-106. The Economy Act does not apply to orders under a Governmentwide acquisition contract.
Governmentwide commercial purchase card means a purchase card, similar in nature to a commercial credit card, issued to authorized agency personnel to use to acquire and to pay for supplies and services.
Governmentwide point of entry (GPE) means the single point where Government business opportunities, including synopses of proposed contract actions, solicitations, and associated information, can be accessed electronically by the public. The GPE is located at https://www.sam.gov.
Head of the agency (see “agency head”).
Head of the contracting activity (HCA) means the official who has overall responsibility for managing the contracting activity.
HUBZone means a historically underutilized business zone that is an area located within one or more qualified census tracts, qualified nonmetropolitan counties, lands within the external boundaries of an Indian reservation, qualified base closure areas, redesignated areas, governor-designated covered areas, or qualified disaster areas, as defined in 13 CFR 126.103.
HUBZone contract means a contract awarded to a Small Business Administration certified “HUBZone small business concern” through any of the following procurement methods:
(1) A sole-source award to a HUBZone small business concern.
(2) Set-aside awards based on competition restricted to HUBZone small business concerns.
(3) Awards to HUBZone small business concerns through full and open competition after a price evaluation preference in favor of HUBZone small business concerns.
(4) Awards based on a reserve for HUBZone small business concerns in a solicitation for a multiple-award contract.
HUBZone small business concern means a small business concern that meets the requirements described in 13 CFR 126.200, is certified by the Small Business Administration (SBA) and designated by SBA as a HUBZone small business concern in the Dynamic Small Business Search (13 CFR 126.103). SBA's designation also appears in SAM.
Humanitarian or peacekeeping operation means a military operation in support of the provision of humanitarian or foreign disaster assistance or in support of a peacekeeping operation under chapter VI or VII of the Charter of the United Nations. The term does not include routine training, force rotation, or stationing (10 U.S.C. 3015(2) and 41 U.S.C. 153(2)).
In writing, writing, or written means any worded or numbered expression that can be read, reproduced, and later communicated, and includes electronically transmitted and stored information.
Indirect cost means any cost not directly identified with a single final cost objective, but identified with two or more final cost objectives or with at least one intermediate cost objective.
Indirect cost rate means the percentage or dollar factor that expresses the ratio of indirect expense incurred in a given period to direct labor cost, manufacturing cost, or another appropriate base for the same period (see also “final indirect cost rate”).
Ineligible means excluded from Government contracting (and subcontracting, if appropriate) pursuant to statutory, Executive order, or regulatory authority other than this regulation (48 CFR chapter 1) and its implementing and supplementing regulations; for example, pursuant to—
(1) 40 U.S.C. chapter 31, subchapter IV, Wage Rate Requirements (Construction), and its related statutes and implementing regulations;
(2) 41 U.S.C. chapter 67, Service Contract Labor Standards;
(3) The Equal Employment Opportunity Acts and Executive orders;
(4) 41 U.S.C. chapter 65, Contracts for Material, Supplies, Articles, and Equipment Exceeding $10,000;
(5) 41 U.S.C. chapter 83, Buy American; or
(6) The Environmental Protection Acts and Executive orders.
Information and communication technology (ICT) means information technology and other equipment, systems, technologies, or processes, for which the principal function is the creation, manipulation, storage, display, receipt, or transmission of electronic data and information, as well as any associated content. Examples of ICT include but are not limited to the following: Computers and peripheral equipment; information kiosks and transaction machines; telecommunications equipment; customer premises equipment; multifunction office machines; software; applications; websites; videos; and electronic documents.
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide—
(1) Integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;
(2) Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and
(3) Availability, which means ensuring timely and reliable access to, and use of, information.
Information system means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information (44 U.S.C. 3502(8)).
Information technology means any equipment, or interconnected system(s) or subsystem(s) of equipment, that is used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the agency.
(1) For purposes of this definition, equipment is used by an agency if the equipment is used by the agency directly or is used by a contractor under a contract with the agency that requires—
(i) Its use; or
(ii) To a significant extent, its use in the performance of a service or the furnishing of a product.
(2) The term “information technology” includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources.
(3) The term “information technology” does not include any equipment that—
(i) Is acquired by a contractor incidental to a contract; or
(ii) Contains imbedded information technology that is used as an integral part of the product, but the principal function of which is not the acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. For example, HVAC (heating, ventilation, and air conditioning) equipment, such as thermostats or temperature control devices, and medical equipment where information technology is integral to its operation, are not information technology.
Inherently governmental function means, as a matter of policy, a function that is so intimately related to the public interest as to mandate performance by Government employees. This definition is a policy determination, not a legal determination. An inherently governmental function includes activities that require either the exercise of discretion in applying Government authority, or the making of value judgments in making decisions for the Government. Governmental functions normally fall into two categories: the act of governing, i.e., the discretionary exercise of Government authority, and monetary transactions and entitlements.
(1) An inherently governmental function involves, among other things, the interpretation and execution of the laws of the United States so as to—
(i) Bind the United States to take or not to take some action by contract, policy, regulation, authorization, order, or otherwise;
(ii) Determine, protect, and advance United States economic, political, territorial, property, or other interests by military or diplomatic action, civil or criminal judicial proceedings, contract management, or otherwise;
(iii) Significantly affect the life, liberty, or property of private persons;
(iv) Commission, appoint, direct, or control officers or employees of the United States; or
(v) Exert ultimate control over the acquisition, use, or disposition of the property, real or personal, tangible or intangible, of the United States, including the collection, control, or disbursement of Federal funds.
(2) Inherently governmental functions do not normally include gathering information for or providing advice, opinions, recommendations, or ideas to Government officials. They also do not include functions that are primarily ministerial and internal in nature, such as building security, mail operations, operation of cafeterias, housekeeping, facilities operations and maintenance, warehouse operations, motor vehicle fleet management operations, or other routine electrical or mechanical services.
Inspection means examining and testing supplies or services (including, when appropriate, raw materials, components, and intermediate assemblies) to determine whether they conform to contract requirements.
Insurance means a contract that provides that for a stipulated consideration, one party undertakes to indemnify another against loss, damage, or liability arising from an unknown or contingent event.
Interagency acquisition means a procedure by which an agency needing supplies or services (the requesting agency) obtains them from another agency (the servicing agency), by an assisted acquisition or a direct acquisition. The term includes—
(1) Acquisitions under the Economy Act (31 U.S.C. 1535); and
(2) Non-Economy Act acquisitions completed under other statutory authorities ( e.g., General Services Administration Federal Supply Schedules in subpart 8.4 and Governmentwide acquisition contracts (GWACs)).
Invoice means a contractor's bill or written request for payment under the contract for supplies delivered or services performed (see also “proper invoice”).
Irrevocable letter of credit means a written commitment by a federally insured financial institution to pay all or part of a stated amount of money, until the expiration date of the letter, upon the Government's (the beneficiary) presentation of a written demand for payment. Neither the financial institution nor the offeror/contractor can revoke or condition the letter of credit.
Labor surplus area means a geographical area identified by the Department of Labor in accordance with 20 CFR part 654, subpart A, as an area of concentrated unemployment or underemployment or an area of labor surplus.
Labor surplus area concern means a concern that together with its first-tier subcontractors will perform substantially in labor surplus areas. Performance is substantially in labor surplus areas if the costs incurred under the contract on account of manufacturing, production, or performance of appropriate services in labor surplus areas exceed 50 percent of the contract price.
Latent defect means a defect that exists at the time of acceptance but cannot be discovered by a reasonable inspection.
Line item means the basic structural element in a procurement instrument that describes and organizes the required product or service for pricing, delivery, inspection, acceptance, invoicing, and payment. The use of the term “line item” includes “subline item,” as applicable.
Line item number means either a numeric or alphanumeric format to identify a line item.
Major disaster means any natural catastrophe (including any hurricane, tornado, storm, high water, winddriven water, tidal wave, tsunami, earthquake, volcanic eruption, landslide, mudslide, snowstorm, or drought), or regardless of cause, any fire, flood, or explosion, in any part of the United States, which, in the determination of the President, causes damage of sufficient severity and magnitude to warrant major disaster assistance under the Stafford Act to supplement the efforts and available resources of States, local governments, and disaster relief organizations in alleviating the damage, loss, hardship, or suffering caused thereby (42 U.S.C. 5122).
Major system means that combination of elements that will function together to produce the capabilities required to fulfill a mission need. The elements may include hardware, equipment, software, or any combination thereof, but exclude construction or other improvements to real property. A system is a major system if—
(1) The Department of Defense is responsible for the system and the total expenditures for research, development, test, and evaluation for the system are estimated to be more than $275 million based on Fiscal Year 2024 constant dollars or the eventual total expenditure for the acquisition exceeds $1.3 billion based on Fiscal Year 2024 constant dollars (or any update of these thresholds based on a more recent fiscal year, as specified in the DoD Instruction 5000.85, “Major Capability Acquisition”);
(2) A civilian agency is responsible for the system and total expenditures for the system are estimated to exceed $2 million or the dollar threshold for a “major system” established by the agency, whichever is greater; or
(3) The system is designated a “major system” by the head of the agency responsible for the system (10 U.S.C. 3041 and 41 U.S.C. 109).
Manufactured end product means any end product in product and service codes (PSC) 1000-9999, except—
(1) PSC 5510, Lumber and Related Basic Wood Materials;
(2) Product or service group (PSG) 87, Agricultural Supplies;
(3) PSG 88, Live Animals;
(4) PSG 89, Subsistence;
(5) PSC 9410, Crude Grades of Plant Materials;
(6) PSC 9430, Miscellaneous Crude Animal Products, Inedible;
(7) PSC 9440, Miscellaneous Crude Agricultural and Forestry Products;
(8) PSC 9610, Ores;
(9) PSC 9620, Minerals, Natural and Synthetic; and
(10) PSC 9630, Additive Metal Materials.
Market research means collecting and analyzing information about capabilities within the market to satisfy agency needs.
Master solicitation means a document containing special clauses and provisions that have been identified as essential for the acquisition of a specific type of supply or service that is acquired repetitively.
May denotes the permissive. However, the words “no person may . . .” means that no person is required, authorized, or permitted to do the act described.
Micro-purchase means an acquisition of supplies or services, the aggregate amount of which does not exceed the micro-purchase threshold when using the procedures in subpart 12.4.
Micro-purchase threshold (MPT) means $15,000, except it means—
(1) For acquisitions of construction subject to 40 U.S.C. chapter 31, subchapter IV, Wage Rate Requirements (Construction), $2,000;
(2) For acquisitions of services subject to 41 U.S.C. chapter 67, Service Contract Labor Standards, $2,500;
(3) For acquisitions of supplies or services that, as determined by the head of the agency, are to be used to support a contingency operation; to facilitate defense against or recovery from cyber, nuclear, biological, chemical or radiological attack; to support a request from the Secretary of State or the Administrator of the United States Agency for International Development to facilitate provision of international disaster assistance pursuant to 22 U.S.C. 2292 et seq.; or to support response to an emergency or major disaster (42 U.S.C. 5122), as described in 13.201(g)(1), except for construction subject to 40 U.S.C. chapter 31, subchapter IV, Wage Rate Requirements (Construction) (41 U.S.C. 1903)—
(i) $25,000 in the case of any contract to be awarded and performed, or purchase to be made, inside the United States; and
(ii) $40,000 in the case of any contract to be awarded and performed, or purchase to be made, outside the United States; and
(4) For acquisitions of supplies or services from institutions of higher education (20 U.S.C. 1001(a)) or related or affiliated nonprofit entities, or from nonprofit research organizations or independent research institutes—
(i) $15,000; or
(ii) A higher threshold, as determined appropriate by the head of the agency and consistent with clean audit findings under 31 U.S.C. chapter 75, Requirements for Single Audits; an internal institutional risk assessment; or State law.
Multi-agency contract means a task-order or delivery-order contract established by one agency for use by Government agencies to obtain supplies and services, consistent with the Economy Act (see 17.502-2). Multi-agency contracts include contracts for information technology established pursuant to 40 U.S.C. 11314(a)(2).
Multiple-award contract (MAC) means a contract that is—
(1) A Multiple Award Schedule contract issued by GSA ( e.g., GSA Schedule Contract) or agencies granted Multiple Award Schedule contract authority by GSA ( e.g., Department of Veterans Affairs) as described in FAR part 8;
(2) A multiple-award task-order or delivery-order contract issued in accordance with FAR subpart 16.5, including Governmentwide acquisition contracts; or
(3) Any other indefinite-delivery, indefinite-quantity contract entered into with two or more sources pursuant to the same solicitation.
Must denotes the imperative.
National defense means any activity related to programs for military or atomic energy production or construction, military assistance to any foreign nation, stockpiling, or space, except that for use in subpart 11.6, see the definition in 11.601.
Neutral person means an impartial third party, who serves as a mediator, fact finder, or arbitrator, or otherwise functions to assist the parties to resolve the issues in controversy. A neutral person may be a permanent or temporary officer or employee of the Federal Government or any other individual who is acceptable to the parties. A neutral person must have no official, financial, or personal conflict of interest with respect to the issues in controversy, unless the interest is fully disclosed in writing to all parties and all parties agree that the neutral person may serve (5 U.S.C. 583).
Nondevelopmental item means—
(1) Any previously developed item of supply used exclusively for governmental purposes by a Federal agency, a State or local government, or a foreign government with which the United States has a mutual defense cooperation agreement;
(2) Any item described in paragraph (1) of this definition that requires only minor modification or modifications of a type customarily available in the commercial marketplace in order to meet the requirements of the procuring department or agency; or
(3) Any item of supply being produced that does not meet the requirements of paragraphs (1) or (2) solely because the item is not yet in use.
Novation agreement means a legal instrument—
(1) Executed by the—
(i) Contractor (transferor);
(ii) Successor in interest (transferee); and
(iii) Government; and
(2) By which, among other things, the transferor guarantees performance of the contract, the transferee assumes all obligations under the contract, and the Government recognizes the transfer of the contract and related assets.
Offer means a response to a solicitation that, if accepted, would bind the offeror to perform the resultant contract.
(1) It includes responses to invitations for bids (sealed bidding) called “bids” or “sealed bids” and responses to requests for proposals (negotiation) called “proposals.”
(2) It does not include responses to requests for quotations or “quotations.”
Offeror means an entity that makes an offer or bid, except as used in part 27, see the definition at 27.401.
Office of Small and Disadvantaged Business Utilization (OSDBU) means the Office of Small Business Programs when referring to the Department of Defense.
OMB Uniform Guidance at 2 CFR part 200 is the abbreviated title for Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (2 CFR part 200), which supersedes OMB Circulars A-21, A-87, A-89, A-102, A-110, A-122, and A-133, and the guidance in Circular A-50 on Audit Followup.
Option means a unilateral right in a contract by which, for a specified time, the Government may elect to purchase additional supplies or services called for by the contract, or may elect to extend the term of the contract.
Organizational conflict of interest means that because of other activities or relationships with other persons, a person is unable or potentially unable to render impartial assistance or advice to the Government, or the person's objectivity in performing the contract work is or might be otherwise impaired, or a person has an unfair competitive advantage.
Outlying areas means—
(1) Commonwealths. (i) Puerto Rico.
(ii) The Northern Mariana Islands;
(2) Territories. (i) American Samoa.
(ii) Guam.
(iii) U.S. Virgin Islands; and
(3) Minor outlying islands. (i) Baker Island.
(ii) Howland Island.
(iii) Jarvis Island.
(iv) Johnston Atoll.
(v) Kingman Reef.
(vi) Midway Islands.
(vii) Navassa Island.
(viii) Palmyra Atoll.
(ix) Wake Atoll.
Overtime means time worked by a contractor's employee in excess of the employee's normal workweek.
Partial termination means the termination of a part, but not all, of the work that has not been completed and accepted under a contract.
Past performance means an offeror's or contractor's performance on active and physically completed contracts.
Performance-based acquisition means an acquisition structured around the results to be achieved as opposed to the manner by which the work is to be performed.
Performance Work Statement (PWS) means a statement of work for performance-based acquisitions that describes the required results in clear, specific and objective terms with measurable outcomes.
Personal property means property of any kind or interest in it except real property, records of the Federal Government, and naval vessels of the following categories:
(1) Battleships;
(2) Cruisers;
(3) Aircraft carriers;
(4) Destroyers; and
(5) Submarines.
Personal services contract means a contract that, by its express terms or as administered, makes the contractor personnel appear to be, in effect, Government employees (see 37.104).
Plant clearance officer means an authorized representative of the contracting officer, appointed in accordance with agency procedures, responsible for screening, redistributing, and disposing of contractor inventory from a contractor's plant or work site. The term “contractor's plant” includes, but is not limited to, Government-owned contractor-operated plants, Federal installations, and Federal and non-Federal industrial operations, as may be required under the scope of the contract.
Power of attorney means the authority given one person or corporation to act for and obligate another, as specified in the instrument creating the power; in corporate suretyship, an instrument under seal that appoints an attorney-in-fact to act in behalf of a surety company in signing bonds (see also “attorney-in-fact” at 28.001).
Preaward survey means an evaluation of a prospective contractor's capability to perform a proposed contract.
Preponderance of the evidence means proof by information that, compared with that opposing it, leads to the conclusion that the fact at issue is more probably true than not.
Pricing means the process of establishing a reasonable amount or amounts to be paid for supplies or services.
Principal means an officer, director, owner, partner, or a person having primary management or supervisory responsibilities within a business entity ( e.g., general manager; plant manager; head of a division or business segment; and similar positions).
Procurement (see “acquisition”).
Procuring activity means a component of an executive agency having a significant acquisition function and designated as such by the head of the agency. Unless agency regulations specify otherwise, the term “procuring activity” is synonymous with “contracting activity.”
Products has the same meaning as supplies.
Proper invoice means an invoice that meets the minimum standards specified in 32.905(b).
Purchase order, when issued by the Government, means an offer by the Government to buy supplies or services, including construction and research and development, upon specified terms and conditions, using simplified acquisition procedures.
Qualifying offeror means an offeror that is determined to be a responsible source, submits a technically acceptable proposal that conforms to the requirements of the solicitation, and the contracting officer has no reason to believe would be likely to offer other than fair and reasonable pricing (10 U.S.C. 3206(c)(4)).
Receiving report means written evidence that indicates Government acceptance of supplies delivered or services performed (see subpart 46.6). Receiving reports must meet the requirements of 32.905(c).
Recovered material means waste materials and by-products recovered or diverted from solid waste, but the term does not include those materials and by-products generated from, and commonly reused within, an original manufacturing process. (42 U.S.C. 6903)
Requesting agency means the agency that has the requirement for an interagency acquisition.
Residual value means the proceeds, less removal and disposal costs, if any, realized upon disposition of a tangible capital asset. It usually is measured by the net proceeds from the sale or other disposition of the asset, or its fair value if the asset is traded in on another asset. The estimated residual value is a current forecast of the residual value.
Responsible audit agency means the agency that is responsible for performing all required contract audit services at a business unit.
Responsible prospective contractor means a contractor that meets the standards in 9.104.
Reverse auction means a real-time auction generally conducted through an electronic medium among two or more offerors who compete by submitting bids for an award of a supply contract, service contract, purchase order, or blanket purchase agreement, or for an award of an order under a contract or blanket purchase agreement, with the ability to submit revised lower bids at any time before the closing of the auction (section 2 of the Construction Consensus Procurement Improvement Act of 2021 (Pub. L. 117-28)).
SAM Contract Awards Management means the contract award reporting module in SAM.gov, which is the successor system to the Federal Procurement Data System.
Scrap means personal property that has no value except its basic metallic, mineral, or organic content.
Segment means one of two or more divisions, product departments, plants, or other subdivisions of an organization reporting directly to a home office, usually identified with responsibility for profit and/or producing a product or service. The term includes—
(1) Government-owned contractor-operated facilities; and
(2) Joint ventures and subsidiaries (domestic and foreign) in which the organization has—
(i) A majority ownership; or
(ii) Less than a majority ownership, but over which it exercises control.
Self-insurance means the assumption or retention of the risk of loss by the contractor, whether voluntarily or involuntarily. Self-insurance includes the deductible portion of purchased insurance.
Senior procurement executive (SPE) means the individual appointed pursuant to 41 U.S.C. 1702(c) who is responsible for management direction of the acquisition system of the executive agency, including implementation of the unique acquisition policies, regulations, and standards of the executive agency.
Service-disabled veteran-owned small business (SDVOSB) concern means a small business concern—
(1)(i) Not less than 51 percent of which is owned and controlled by one or more service-disabled veterans or, in the case of any publicly owned business, not less than 51 percent of the stock of which is owned by one or more service-disabled veterans; and
(ii) The management and daily business operations of which are controlled by one or more service-disabled veterans or, in the case of a service-disabled veteran with permanent and severe disability, the spouse or permanent caregiver of such veteran; or
(2) A small business concern eligible under the SDVOSB Program in accordance with 13 CFR part 128 (see 19.106).
(3) Service-disabled veteran, as used in this definition, means a veteran as defined in 38 U.S.C. 101(2), with a disability that is service-connected, as defined in 38 U.S.C. 101(16), and who is registered in the Beneficiary Identification and Records Locator Subsystem, or successor system that is maintained by the Department of Veterans Affairs' Veterans Benefits Administration, as a service-disabled veteran.
Service-disabled veteran-owned small business (SDVOSB) concern eligible under the SDVOSB Program means an SDVOSB concern that is designated in the System for Award Management (SAM) as certified by the Small Business Administration (SBA) in accordance with 13 CFR 128.300.
Service-disabled veteran-owned small business (SDVOSB) Program means a program that authorizes contracting officers to limit competition, including award on a sole-source basis, to SDVOSB concerns eligible under the SDVOSB Program.
Servicing agency means the agency that will conduct an assisted acquisition on behalf of the requesting agency.
Shipment means freight transported or to be transported.
Shop drawings means drawings submitted by the construction contractor or a subcontractor at any tier or required under a construction contract, showing in detail either or both of the following:
(1) The proposed fabrication and assembly of structural elements.
(2) The installation ( i.e., form, fit, and attachment details) of materials or equipment.
Should means an expected course of action or policy that is to be followed unless inappropriate for a particular circumstance.
Signature or signed means the discrete, verifiable symbol of an individual that, when affixed to a writing with the knowledge and consent of the individual, indicates a present intention to authenticate the writing. This includes electronic symbols.
Simplified acquisition procedures means the simplified procedures described in 12.201-1 and part 13 for procuring supplies or services.
Simplified acquisition threshold means $350,000, except for—
(1) Acquisitions of supplies or services that, as determined by the head of the agency, are to be used to support a contingency operation; to facilitate defense against or recovery from cyber, nuclear, biological, chemical, or radiological attack; to support a request from the Secretary of State or the Administrator of the United States Agency for International Development to facilitate provision of international disaster assistance pursuant to 22 U.S.C. 2292 et seq.; or to support response to an emergency or major disaster (42 U.S.C. 5122), (41 U.S.C. 1903), the term means—
(i) $1 million for any contract to be awarded and performed, or purchase to be made, inside the United States; and
(ii) $2 million for any contract to be awarded and performed, or purchase to be made, outside the United States; and
(2) Acquisitions of supplies or services that, as determined by the head of the agency, are to be used to support a humanitarian or peacekeeping operation (10 U.S.C. 3015), the term means $650,000 for any contract to be awarded and performed, or purchase to be made, outside the United States.
Small business concern—
(1) Means a concern, including its affiliates, that is independently owned and operated, not dominant in its field of operation, and qualified as a small business under the criteria and size standards in 13 CFR part 121 (see 19.103).
(2) Affiliates, as used in this definition, means business concerns, one of whom directly or indirectly controls or has the power to control the others, or a third party or parties control or have the power to control the others. In determining whether affiliation exists, consideration is given to all appropriate factors including common ownership, common management, and contractual relationships. SBA determines affiliation based on the factors set forth at 13 CFR 121.103.
Small business subcontractor means a concern that does not exceed the size standard for the North American Industry Classification Systems code that the prime contractor determines best describes the product or service being acquired by the subcontract.
Small Business Teaming Arrangement—
(1) Means an arrangement where—
(i) Two or more small business concerns have formed a joint venture; or
(ii) A small business offeror agrees with one or more other small business concerns to have them act as its subcontractors under a specified Government contract. A Small Business Teaming Arrangement between the offeror and its small business subcontractor(s) exists through a written agreement between the parties that—
(A) Is specifically referred to as a “Small Business Teaming Arrangement”; and
(B) Sets forth the different responsibilities, roles, and percentages (or other allocations) of work as it relates to the acquisition;
(2)(i) For civilian agencies, may include two business concerns in a mentor-protégé relationship when both the mentor and the protégé are small or the protégé is small and the concerns have received an exception to affiliation pursuant to 13 CFR 121.103(h)(3)(ii) or (iii).
(ii) For DoD, may include two business concerns in a mentor-protégé relationship in the DoD Mentor-Protégé Program (see 10 U.S.C. 4902) when both the mentor and the protégé are small. There is no exception to joint venture size affiliation for offers received from teaming arrangements under the DoD Mentor-Protégé Program; and
(3) See 13 CFR 121.103(b)(9) regarding the exception to affiliation for offers received from Small Business Teaming Arrangements in the case of a solicitation of offers for a bundled contract with a reserve.
Small disadvantaged business concern, consistent with 13 CFR 124.1001, means a small business concern under the size standard applicable to the acquisition, that
(1) Is at least 51 percent unconditionally and directly owned (as defined at 13 CFR 124.105) by—
(i) One or more socially disadvantaged (as defined at 13 CFR 124.103) and economically disadvantaged (as defined at 13 CFR 124.104) individuals who are citizens of the United States; and
(ii) Each individual claiming economic disadvantage has a net worth not exceeding the threshold at 13 CFR 124.104(c)(2) after taking into account the applicable exclusions set forth at 13 CFR 124.104(c)(2); and
(2) The management and daily business operations of which are controlled (as defined at 13 CFR 124.106) by individuals who meet the criteria in paragraphs (1)(i) and (ii) of this definition.
Sole source acquisition means a contract for the purchase of supplies or services that is entered into or proposed to be entered into by an agency after soliciting and negotiating with only one source.
Solicitation means any request to submit offers or quotations to the Government. Solicitations under sealed bid procedures are called “invitations for bids.” Solicitations under negotiated procedures are called “requests for proposals.” Solicitations under simplified acquisition procedures may require submission of either a quotation or an offer.
Solicitation provision or provision means a term or condition used only in solicitations and applying only before contract award.
Source selection information means any of the following information that is prepared for use by an agency for the purpose of evaluating a bid or proposal to enter into an agency procurement contract, if that information has not been previously made available to the public or disclosed publicly:
(1) Bid prices submitted in response to an agency invitation for bids, or lists of those bid prices before bid opening.
(2) Proposed costs or prices submitted in response to an agency solicitation, or lists of those proposed costs or prices.
(3) Source selection plans.
(4) Technical evaluation plans.
(5) Technical evaluations of proposals.
(6) Cost or price evaluations of proposals.
(7) Competitive range determinations that identify proposals that have a reasonable chance of being selected for award of a contract.
(8) Rankings of bids, proposals, or competitors.
(9) Reports and evaluations of source selection panels, boards, or advisory councils.
(10) Other information marked as “Source Selection Information—See FAR 2.101 and 3.104” based on a case-by-case determination by the head of the agency or the contracting officer, that its disclosure would jeopardize the integrity or successful completion of the Federal agency procurement to which the information relates.
Special competency means a special or unique capability, including qualitative aspects, developed incidental to the primary functions of the Federally Funded Research and Development Centers to meet some special need.
Special test equipment means either single or multipurpose integrated test units engineered, designed, fabricated, or modified to accomplish special purpose testing in performing a contract. It consists of items or assemblies of equipment including foundations and similar improvements necessary for installing special test equipment, and standard or general purpose items or components that are interconnected and interdependent so as to become a new functional entity for special testing purposes. Special test equipment does not include material, special tooling, real property, and equipment items used for general testing purposes or property that with relatively minor expense can be made suitable for general purpose use.
Special tooling means jigs, dies, fixtures, molds, patterns, taps, gauges, and all components of these items including foundations and similar improvements necessary for installing special tooling, and which are of such a specialized nature that without substantial modification or alteration their use is limited to the development or production of particular supplies or parts thereof or to the performance of particular services. Special tooling does not include material, special test equipment, real property, equipment, machine tools, or similar capital items.
Statement of Objectives (SOO) means a Government-prepared document incorporated into the solicitation that states the overall performance objectives. It is used in solicitations when the Government intends to provide the maximum flexibility to each offeror to propose an innovative approach.
Subline item means a subset of a line item.
Substantial evidence means information sufficient to support the reasonable belief that a particular act or omission has occurred.
Substantially as follows or substantially the same as, when used in the prescription and introductory text of a provision or clause, means that authorization is granted to prepare and utilize a variation of that provision or clause to accommodate requirements that are peculiar to an individual acquisition; provided that the variation includes the salient features of the FAR provision or clause, and is not inconsistent with the intent, principle, and substance of the FAR provision or clause or related coverage of the subject matter.
Supplemental agreement means a contract modification that is accomplished by the mutual action of the parties.
Supplies means all property except land or interest in land. It includes (but is not limited to) public works, buildings, and facilities; ships, floating equipment, and vessels of every character, type, and description, together with parts and accessories; aircraft and aircraft parts, accessories, and equipment; machine tools; and the alteration or installation of any of the foregoing.
Surety means an individual or corporation legally liable for the debt, default, or failure of a principal to satisfy a contractual obligation. The types of sureties referred to are as follows:
(1) An individual surety is one person, as distinguished from a business entity, who is liable for the entire penal amount of the bond.
(2) A corporate surety is licensed under various insurance laws and, under its charter, has legal power to act as surety for others.
(3) A cosurety is one of two or more sureties that are jointly liable for the penal sum of the bond. A limit of liability for each surety may be stated.
Surplus property means excess personal property not required by any Federal agency as determined by the Administrator of the General Services Administration (GSA). (See 41 CFR 102-36.40).
Suspending and debarring official means—
(1) An agency head; or
(2) A designee authorized by the agency head to impose a suspension and/or a debarment.
Suspension means action taken by a suspending and debarring official under 9.407 to disqualify a contractor temporarily from Government contracting and Government-approved subcontracting; a contractor that is “suspended” is disqualified.
System for Award Management (SAM) means the primary Government repository available at SAM.gov for prospective Federal awardee and Federal awardee information and the centralized Government system for certain contracting, grants, and other assistance-related processes. It includes—
(1) Data collected from prospective Federal awardees required for the conduct of business with the Government; and
(2) Identification of those parties excluded from receiving Federal contracts, certain subcontracts, and certain types of Federal financial and non-financial assistance and benefits.
Task order means an order for services placed against an established contract or with Government sources.
Taxpayer Identification Number (TIN) means the number required by the IRS to be used by the offeror in reporting income tax and other returns. The TIN may be either a Social Security Number or an Employer Identification Number.
Technical data means recorded information, regardless of the form or method of the recording, of a scientific or technical nature (including computer software documentation). The term does not include computer software or financial, administrative, cost or pricing, or management information, or incidental information to contract administration.
Terminated portion of the contract means the portion of a contract that the contractor is not to perform following a partial termination. For construction contracts that have been completely terminated for convenience, it means the entire contract, notwithstanding the completion of, and payment for, individual items of work before termination.
Termination for convenience means the exercise of the Government's right to completely or partially terminate performance of work under a contract when it is in the Government's interest.
Termination for default means the exercise of the Government's right to completely or partially terminate a contract because of the contractor's actual or anticipated failure to perform its contractual obligations.
Termination inventory means any property purchased, supplied, manufactured, furnished, or otherwise acquired for the performance of a contract subsequently terminated and properly allocable to the terminated portion of the contract. It includes Government-furnished property. It does not include any facilities, material, special test equipment, or special tooling that are subject to a separate contract or to a special contract requirement governing their use or disposition.
Unallowable cost means any cost that, under the provisions of any pertinent law, regulation, or contract, cannot be included in prices, cost-reimbursements, or settlements under a Government contract to which it is allocable.
Unique and innovative concept, when used relative to an unsolicited research proposal, means that—
(1) In the opinion and to the knowledge of the Government evaluator, the meritorious proposal—
(i) Is the product of original thinking submitted confidentially by one source;
(ii) Contains new, novel, or changed concepts, approaches, or methods;
(iii) Was not submitted previously by another; and
(iv) Is not otherwise available within the Federal Government.
(2) In this context, the term does not mean that the source has the sole capability of performing the research.
Unique entity identifier (UEI) means a number or other identifier used to identify a specific commercial, nonprofit, or Government entity. See www.sam.gov for the designated entity for establishing unique entity identifiers.
United States, when used in a geographic sense, means the 50 States and the District of Columbia, except as follows:
(1) For use in subpart 3.10, see the definition at 3.1001.
(2) [Reserved]
(3) For use in subpart 22.8, see the definition at 22.801.
(4) For use in subpart 22.9, see the definition at 22.901.
(5) For use in subpart 22.12, see the definition at 22.1201.
(6) For use in subpart 22.13, see the definition at 22.1302.
(7) For use in subpart 22.14, see the definition at 22.1401.
(8) [Reserved]
(9) [Reserved]
(10) For use in part 25, see the definition at 25.002.
(11) For use in part 27, see the definition at 27.001.
(12) For use in subpart 47.4, see the definition at 47.401.
Unsolicited proposal means a written proposal for a new or innovative idea that is submitted to an agency on the initiative of the offeror for the purpose of obtaining a contract with the Government, and that is not in response to a request for proposals, Broad Agency Announcement, Small Business Innovation Research topic, Small Business Technology Transfer topic, Program Research and Development Announcement, or any other Government-initiated solicitation or program.
Veteran-owned small business concern means a small business concern—
(1) Not less than 51 percent of which is owned and controlled by one or more veterans (as defined at 38 U.S.C. 101(2)) or, in the case of any publicly owned business, not less than 51 percent of the stock of which is owned by one or more veterans; and
(2) The management and daily business operations of which are controlled by one or more veterans.
Voluntary consensus standards means common and repeated use of rules, conditions, guidelines or characteristics for products, or related processes and production methods and related management systems. Voluntary Consensus Standards are developed or adopted by domestic and international voluntary consensus standard making bodies ( e.g., International Organization for Standardization (ISO) and ASTM-International). See OMB Circular A-119.
Warranty means a promise or affirmation given by a contractor to the Government regarding the nature, usefulness, or condition of the supplies or performance of services furnished under the contract.
Women-owned small business concern means—
(1) A small business concern—
(i) That is at least 51 percent owned by one or more women; or, in the case of any publicly owned business, at least 51 percent of the stock of which is owned by one or more women; and
(ii) Whose management and daily business operations are controlled by one or more women; or
(2) A small business concern eligible under the Women-Owned Small Business Program in accordance with 13 CFR part 127 (see 19.107).
Women-Owned Small Business (WOSB) Program. (1) Women-Owned Small Business (WOSB) Program means a program that authorizes contracting officers to limit competition, including award on a sole-source basis, to—
(i) Economically disadvantaged women-owned small business (EDWOSB) concerns eligible under the WOSB Program for Federal contracts assigned a North American Industry Classification Systems (NAICS) code in an industry in which the Small Business Administration (SBA) has determined that WOSB concerns are underrepresented in Federal procurement; and
(ii) WOSB concerns eligible under the WOSB Program for Federal contracts assigned a NAICS code in an industry in which SBA has determined that WOSB concerns are substantially underrepresented in Federal procurement.
(2) Economically disadvantaged women-owned small business (EDWOSB) concern means a small business concern that is at least 51 percent directly and unconditionally owned by, and the management and daily business operations of which are controlled by, one or more women who are citizens of the United States and who are economically disadvantaged in accordance with 13 CFR part 127, and the concern is certified by SBA or an approved third-party certifier in accordance with 13 CFR 127.300. It automatically qualifies as a women-owned small business (WOSB) concern eligible under the WOSB Program.
(3) Women-owned small business (WOSB) concern eligible under the WOSB Program means a small business concern that is at least 51 percent directly and unconditionally owned by, and the management and daily business operations of which are controlled by, one or more women who are citizens of the United States, and the concern is certified by SBA or an approved third-party certifier in accordance with 13 CFR 127.300.
Writing or written (see “in writing”).
A list of acronyms, and abbreviations used in the FAR is available at https://www.acquisition.gov/far-acronyms.
Insert the clause at 52.202-1, Definitions, in solicitations and contracts including those for commercial products and commercial services, if the acquisition value exceeds the simplified acquisition threshold.
PART 4—ADMINISTRATIVE AND INFORMATION MATTERS
Sec. 4.000 Scope of part. 4.001 Definitions. 4.002 Electronic commerce in contracting. Subpart 4.1—Presolicitation 4.101 Contract files. Subpart 4.2—Solicitation, Evaluation, and Award 4.201 Unique procurement instrument identifiers. 4.202 Uniform use of line items. 4.202-1 Policy. 4.202-2 Establishing line items. 4.202-3 Establishing subline items. 4.202-4 Required data elements for line items and subline items. 4.202-5 Exceptions to required data elements. 4.203 System for Award Management. 4.203-1 Policy. 4.203-2 Procedures. 4.204 Taxpayer identification information. 4.205 Personal identity verification. 4.206 Contracting officer's signature. 4.207 Contractor's signature. 4.208 Solicitation provisions and contract clauses. Subpart 4.3—Postaward 4.301 Contract distribution. 4.302 Contract reporting. 4.303 Personal identity verification. 4.304 Service contracts inventory. 4.305 System for Award Management. 4.306 Contractor identification. 4.307 Executive compensation. 4.308 Payment office. 4.309 Contract closeout. 4.309-1 Procedures for closing out contract files. 4.309-2 Contract closeout by the office administering the contract. 4.310 Storage, handling, and contract files. Subpart 4.4—Contractor Records Retention 4.400 Scope of subpart. 4.401 Purpose. 4.402 Applicability. 4.403 Policy. 4.404 Calculating retention periods. 4.405 Specific retention periods.
Authority:
41 U.S.C. 1121(b); 40 U.S.C. 121(c); 10 U.S.C. chapter 4 and 10 U.S.C. chapter 137 legacy provisions (see 10 U.S.C. 3016); and 51 U.S.C. 20113.
This part prescribes policies and procedures relating to the administrative aspects of contract execution, contractor-submitted documents, reporting, retention, and files.
As used in this part—
Activity Address Code means a distinct six-position code consisting of a combination of alpha and/or numeric characters assigned to identify specific agency offices, units, activities, or organizations by GSA for civilian agencies and by DoD for defense agencies.
Executive means officers, managing partners, or any other employees in management positions.
First-tier subcontract means a subcontract awarded directly by the contractor to acquire supplies or services (including construction), other than for commercial products or commercial services, for performing a prime contract. It does not include the contractor's supplier agreements with vendors, such as long-term arrangements for materials or supplies that benefit multiple contracts and/or the costs of which are normally applied to a contractor's general and administrative expenses or indirect costs.
Generic entity identifier means an identifier assigned to a category of vendors, not specific to any individual or entity.
Agencies must use electronic commerce to the maximum extent that is practicable and cost-effective, see 41 U.S.C. 2301.
Subpart 4.1—Presolicitation
(a) Each office performing contracting, contract administration, or paying functions must establish a file containing the records of each solicitation and contractual action.
(b) The file documentation must comprehensively record the transaction history to ensure—
(1) A complete background is available for making informed decisions at each step in the acquisition process;
(2) There is clear support for all actions taken;
(3) Necessary information is accessible for reviews and investigations; and
(4) Essential facts are available in case litigation or congressional inquiries arise.
Subpart 4.2—Solicitation, Evaluation, and Award
(a) Agencies must use a procurement instrument identifier (PIID) unique Governmentwide to identify each solicitation, contract, agreement, or order. The PIID must be used in all related procurement actions including forms and electronic generated formats.
(b) The PIID consists of a combination of thirteen to seventeen alpha and/or numeric characters sequenced to convey certain information. Do not use special characters (such as hyphens, dashes, or spaces).
(1) Positions 1 through 6. Use the issuing office Activity Address Code to identify the department/agency and office issuing the instrument.
(2) Positions 7 through 8. Use the last two digits of the fiscal year in which the procurement instrument is issued or awarded ( i.e., signed).
(3) Position 9. Use one of the upper-case letters according to Table 4-1. Departments and independent agencies may assign those letters identified for department use in Table 4-1 according to agency policy; however, any use must be applied to the entire department or agency.
| Instrument | Letter designation |
|---|---|
| (i) Blanket purchase agreements | A |
| (ii) Invitations for bids | B |
| (iii) Contracts of all types except indefinite-delivery contracts | C |
| (iv) Indefinite-delivery contracts (including Federal Supply Schedules, Governmentwide acquisition contracts (GWACs), and multi-agency contracts) | D |
| (v) Reserved for future Federal Governmentwide use | E |
| (vi) Task orders, delivery orders or calls under— | F |
| • Indefinite-delivery contracts (including Federal Supply Schedules, GWACs, and multi-agency contracts); | |
| • Blanket purchase agreements; or | |
| • Basic ordering agreements. | |
| (vii) Basic ordering agreements | G |
| (viii) Agreements, including basic agreements and loan agreements, but excluding blanket purchase agreements, basic ordering agreements, and leases. Do not use this code for contracts or agreements with provisions for orders or calls | H |
| (ix) Do not use this letter | I |
| (x) Reserved for future Federal Governmentwide use | J |
| (xi) Reserved for departmental or agency use | K |
| (xii) Lease agreements | L |
| (xiii) Reserved for departmental or agency use | M |
| (xiv) Reserved for departmental or agency use | N |
| (xv) Do not use this letter | O |
| (xvi) Purchase orders (assign V if numbering capacity of P is exhausted during a fiscal year) | P |
| (xvii) Requests for quotations (assign U if numbering capacity of Q is exhausted during a fiscal year) | Q |
| (xviii) Requests for proposals | R |
| (xix) Reserved for departmental or agency use | S |
| (xx) Reserved for departmental or agency use | T |
| (xxi) See Q, requests for quotations | U |
| (xxii) See P, purchase orders | V |
| (xxiii) Reserved for future Federal Governmentwide use | W |
| (xxiv) Reserved for future Federal Governmentwide use | X |
| (xxv) Imprest fund | Y |
| (xxvi) Reserved for future Federal Governmentwide use | Z |
(4) Positions 10 through 17. Use the number assigned by the issuing agency in these positions. Agencies may choose between four and eight characters to be used, but the same number of characters must be used agencywide. Do not use leading or trailing zeroes to equal the maximum in any system or data transmission. A separate series of numbers may be used for any type of instrument listed in paragraph (b)(3) of this section. An agency may reserve blocks of numbers or alpha-numeric numbers for its various components to use.
(c) Agencies must use a non-unique identifier for a procurement action ( i.e., supplementary PIID) that is used with the PIID. The supplementary PIID is used to identify amendments to solicitations and modifications to contracts, orders, and agreements. The supplementary PIID is reported as a separate data element used with, but not appended to, the PIID.
(1) Amendments to solicitations. Use a four-position numeric serial number in addition to the 13-17-character PIID beginning with 0001.
(2) Modifications to contracts, orders, and agreements. Use a six-position alpha, numeric, or a combination of both, in addition to the 13-17-character PIID. For example, a modification could be numbered P00001.
(i) Position 1. Use the letter P if the modification is issued by the procuring contracting office. Use the letter A if the modification is issued by the contract administration office (if other than the procuring contracting office).
(ii) Positions 2 through 6. These positions may be alpha, numeric, or a combination of both, according to agency procedures.
(iii) Each office authorized to issue modifications must assign the supplementary identification numbers in sequence (unless provided otherwise in agency procedures). Do not assign the numbers until the contracting officer determines that a modification is to be issued.
(d)(1) Agencies must not change the PIID unless one of the following circumstances applies:
(i) The PIID serial numbering system is exhausted.
(ii) Continued use of a PIID is administratively burdensome ( e.g., for implementing new agency contract writing systems).
(iii) The contract is transferred between contracting departments.
(2) If one of the circumstances described at 4.201(d)(1) applies, the contracting officer may assign a new PIID by issuing an administrative contract modification. The modification must identify both the original and the newly assigned PIID.
(a) Procurement instruments must identify the supplies or services to be acquired as separately identified line items and, as needed, subline items.
(b) Line items—
(1) Are established to define deliverables or organize information about deliverables;
(2) Describe characteristics for the item purchased, e.g., pricing, delivery, and funding information; and
(3) May be subdivided into separate unique subsets (called subline items) to ease administration. Subline items are established to define deliverables (deliverable subline items) or organize information about deliverables (informational subline items). If a line item has deliverable subline items, the line item itself is informational.
Establish separate line items for deliverables that have the following characteristics except as provided at 4.202-5:
(a) Separately identifiable.
(1) A supply is separately identifiable if it has its own identification ( e.g., national stock number, item description, manufacturer's part number).
(2) Services are separately identifiable if they have no more than one statement of work or performance work statement.
(3) If the procurement instrument involves a first article (see part 9), establish a separate line item for each item requiring a separate approval. If the first article consists of a lot composed of a mixture of items that will be approved as a single lot, a single line item may be used.
(b) Single unit price or total price.
(c) Single accounting classification citation. A single deliverable may be funded by multiple accounting classifications when the deliverable effort cannot be otherwise subdivided.
(d) Separate delivery schedule, destination, period of performance, or place of performance.
(e) Single contract pricing type ( e.g., fixed-price or cost-reimbursement).
Subline items may be used to facilitate tracking of performance, deliverables, payment, and contract funds accounting or for other management purposes. The list of characteristics at 4.202-2 applies to deliverable subline items, but it is not applicable to informational subline items. A line item with subline items must contain only that information that is common to all subline items thereunder. All subline items under one line item must be the same contract type as the line item.
(a) Deliverable subline items. Deliverable subline items may be used for several related items that require separate identification. For example, instead of establishing multiple separate line items, subline items may be established for—
(1) Items that are basically the same, except for minor variations such as—
(i) Size or color;
(ii) Accounting classification, but see also 4.202-4(a)(4); or
(iii) Date of delivery, destination, or period or place of performance;
(2) Separately priced collateral functions that relate to the primary product, such as packaging and handling, or transportation; or
(3) Items to be separately identified at the time of shipment or performance.
(b) Informational subline items. (1) Informational subline items may be used by agencies for administrative purposes. This type of subline item identifies information that relates directly to the line item and is an integral part of it ( e.g., parts of an assembly or parts of a kit).
(2) Position informational subline items within the line item description, not in the quantity or price fields.
(a) Except as provided in 4.202-5, each line item or subline item must include in the schedule (or in a comparable section of the procurement instrument), at a minimum, the following information as separate, distinct data elements:
(1) Line item or subline item number established in accordance with agency procedures.
(2) Description of what is being purchased.
(3) Product and Service Code (PSC).
(4) Accounting classification citation.
(i) Line items or deliverable subline items. If multiple accounting classifications for a single deliverable apply, include the dollar amount for each accounting classification in the schedule (or a comparable section of the procurement instrument).
(ii) Informational subline items. An accounting classification citation is not required. (See 4.202-3).
(5)(i) For fixed-price line items:
(A) Unit of measure.
(B) Quantity.
(C) Unit price.
(D) Total price.
(ii) For cost-reimbursement line items:
(A) Unit of measure.
(B) Quantity.
(C) Estimated cost.
(D) Fee (if any).
(E) Total estimated cost plus any fee.
(b) If a contract contains a combination of fixed-price, time-and-materials, labor-hour, or cost- reimbursement line items, identify the contract type for each line item in the schedule (or a comparable section of the procurement instrument) to facilitate payment.
(c) Each deliverable line item or deliverable subline item must have its own delivery schedule, destination, period of performance, or place of performance expressly stated in the appropriate section of the procurement instrument (“as required” constitutes an expressly stated delivery term). When a line item has deliverable subline items, identify the delivery schedule, destination, period of performance, or place of performance at the subline item level, rather than the line item level.
(d) Terms and conditions in other sections of the contract (such as contract clauses or payment instructions) must also specify applicability to individual line items if not applicable to the contract as a whole.
(a) Indefinite-delivery contracts —(1) General. The following required data elements are not known at time of issuance of an indefinite-delivery contract; however, each order must provide them at issuance: accounting classification, delivery date and destination, or period and place of performance.
(2) Indefinite-delivery indefinite-quantity (IDIQ) and requirements contracts. (i) IDIQ and requirements contracts may omit the quantity at the line item level for the base award provided that the total contract minimum and maximum, or the estimate, respectively, is stated.
(ii) Multiple-award IDIQ contracts awarded using the procedures at parts 13 or 15 may omit price or cost at the line item or subline item level for the contract award, provided that the total contract minimum and maximum is stated (see part 16).
(b) Item description and PSC. These data elements are not required in the line item if there are associated deliverable subline items that include the actual detailed identification. When this exception applies, use a general narrative description for the line item.
(c) Single unit price or single total price. The requirement for a single unit price or single total price at the line item level does not apply if any of the following conditions are present:
(1) There are associated deliverable subline items that are priced.
(2) The line item or subline item is not separately priced.
(3) The supplies or services are being acquired on a cost-reimbursement, time-and-materials, or labor-hour basis.
(4) The procurement instrument is for services and firm prices have been established for elements of the total price, but the actual number of the elements is not known until performance. The contracting officer may structure these procurement instruments to reflect a firm or estimated total amount for each line item.
(a) The System for Award Management (SAM) at https://www.sam.gov is the primary method used to collect the following information from entities interested in obtaining Federal Government contracts:
(1) Identifying information about the entity, to issue the unique entity identifier (UEI) and Commercial and Government Entity (CAGE) code;
(2) Entity-level representations and certifications (see 52.204-7(c)(1)); and
(3) Information necessary to receive payment under a contract, collect debts, or for Government reporting purposes, such as taxpayer information required by 31 U.S.C. 7701(c) and 3325(d); 26 U.S.C. 6041, 6041A, and 6050M; and implementing regulations issued by the Internal Revenue Service (IRS).
(b) Offerors or quoters are required to have an active Federal Government contracts registration in SAM when they submit an offer or quotation, and at the time of award, except for—
(1) Micro-purchases that use a Governmentwide commercial purchase card as the method of purchase and payment;
(2) Micro-purchases that do not use the electronic funds transfer (EFT) method for payment and are not required to be reported in SAM Contract Awards;
(3) Classified contracts when registration in SAM could compromise the safeguarding of classified information or national security;
(4) Contracts awarded without providing full and open competition due to unusual or compelling urgency;
(5) Contracts awarded by—
(i) Deployed contracting officers supporting military operations including, but not limited to, contingency operations as defined in 10 U.S.C. 101(a)(13) or humanitarian or peacekeeping operations as defined in 10 U.S.C. 3015(2);
(ii) Contracting officers located outside the United States and its outlying areas supporting diplomatic or developmental operations; or
(iii) Contracting officers supporting emergency operations, such as responses to natural or environmental disasters, or national or civil emergencies;
(6) Contracts with individuals for performance outside the United States and its outlying areas; and
(7) Contract actions at or below $40,000 awarded to foreign vendors for work performed outside the United States, if it is impractical to obtain SAM registration.
(c) For contracts described under paragraph (b)(4) of this section, the contractor must register in SAM within 30 days after contract award or at least three days before submitting the first invoice, whichever occurs first.
(d) For contracts or agreements described under paragraph (b)(5) of this section, if practical, the contracting officer must modify the contract to require SAM registration.
(e) When SAM registration is not required, the contracting officer must collect certain offeror identifying information and entity-level representations and certifications at the time of receipt of an offer or quotation (see 4.203-2(a)(2)).
(f) Agencies must protect against improper disclosure of nonpublic information contained in SAM.
(a) At the time an offer or quotation is submitted—
(1) Use the offeror or quoter's UEI to verify that the entity has an active Federal Government contracts registration in SAM, and document the date of SAM verification in the contract file; or
(2) If a solicitation does not require registration in SAM—
(i) Review the information provided in response to the provision at 52.204-XX, Offeror Identification, and validate the CAGE code using the CAGE code search feature at https://cage.dla.mil; and
(ii) Verify the offeror has included in its offer the entity-level representations and certifications required by each provision in 52.204-7(c)(1) that is included in the solicitation.
(b) Use the legal business name or “doing business as” name and physical address in SAM for the successful offeror's UEI to identify the contractor in the award document and all corresponding forms and data exchanges. Do not change data retrieved from SAM.
(a) Agencies must collect the taxpayer identification number (TIN) to comply with the following statutory requirements—
(1) Debt collection. 31 U.S.C. 7701(c) requires each contractor doing business with a Government agency to furnish its TIN to that agency. 31 U.S.C. 3325(d) requires the Government to include the TIN of the contractor receiving payment with each certified voucher. The Government may use the TIN to collect and report on any delinquent amounts arising out of the contractor's relationship with the Government.
(2) Information reporting to the IRS. The TIN is required for Government reporting of certain contract information and payment information to the IRS. 26 U.S.C. 6109 requires a contractor to provide its TIN if a Form 1099 is required. The payment office is responsible for submitting reports to the IRS.
(b) Contracting officers will obtain the TIN from—
(1) SAM if offerors are required to be registered in SAM, see 4.203-2(a)(1) and 52.204-7; or
(2) Offers if offerors are not required to be registered in SAM, see 4.203-2(a)(2) and 52.204-XX.
(a) Agencies must include their implementation of Homeland Security Presidential Directive-12 and the Federal Information Processing Standards Publication (FIPS PUB) Number 201 in solicitations and contracts that require the contractor to have routine physical access to a Federally-controlled facility and/or routine access to a Federal information system. For information on personal identity verification (PIV) products and services see http://www.idmanagement.gov.
(b) When acquiring PIV products and services not using the GSA Federal Supply Schedule for HSPD-12 Product and Service Components, agencies must ensure that the applicable products and services are approved as compliant with FIPS PUB 201 including—
(1) Certifying the products and services procured meet all applicable Federal standards and requirements;
(2) Ensuring interoperability and conformance to applicable Federal standards for the lifecycle of the components; and
(3) Maintaining a written plan for ensuring ongoing conformance to applicable Federal standards for the lifecycle of the components.
Only contracting officers can sign contracts on behalf of the United States. The contracting officer's name and official title must be typed, stamped, or printed on the contract. The contracting officer normally signs the contract after the contractor has signed it. A digital signature using a certificate from the PIV or Common Access Card (CAC) assigned to the contracting officer is considered acceptable as a written signature.
(a) Individuals. A contract with an individual must be signed by that individual. A contract with an individual doing business as a firm must be signed by that individual, and the signature must be followed by the individual's typed, stamped, or printed name and the words “, an individual doing business as ____” [ insert name of firm ].
(b) Partnerships. A contract with a partnership must be signed in the partnership name. Before signing for the Government, the contracting officer must obtain a list of all partners and ensure that the individual(s) signing for the partnership have authority to bind the partnership.
(c) Corporations. A contract with a corporation must be signed in the corporate name, followed by the word “by” and the signature and title of the person authorized to sign. The contracting officer must ensure that the person signing for the corporation has authority to bind the corporation.
(d) Joint venturers. A contract with joint venturers may involve any combination of individuals, partnerships, or corporations. The contract must be signed by each participant in the joint venture in the manner prescribed in paragraphs (a) through (c) of this section for each type of participant. When a corporation is participating, the contracting officer must verify that the corporation is authorized to participate in the joint venture.
(e) Agents. When an agent is to sign the contract, other than as stated in paragraphs (a) through (d) of this section, the agent's authorization to bind the principal must be established by evidence that satisfies the contracting officer.
(f) Digital signatures. Contractor's digital signatures are acceptable as a written signature when using authentication and/or signature certificates from a PIV or CAC obtained from a credentialed organization.
(a) Insert the provision at 52.204-5, Women-Owned Business (Other Than Small Business), in solicitations, including those for commercial products and commercial services, that—
(1) Are not set aside for small business concerns;
(2) Exceed the simplified acquisition threshold (SAT); and
(3) Are for contracts that will be performed in the United States or its outlying areas.
(b) When offerors are required to be registered in SAM, insert—
(1) The provision at 52.204-7, System for Award Management—Registration, in solicitations, including those for commercial products and commercial services.
(i) Do not separately include the provisions listed in paragraph (c)(1) of the provision at 52.204-7.
(ii) Use the provision with its Alternate I for acquisitions described at 4.203-1(b)(4); and
(2) The clause at 52.204-13, System for Award Management—Maintenance, in solicitations and contracts, including those for commercial products and commercial services. Use the clause with its Alternate I for acquisitions described at 4.203-1(b)(4).
(c) When offerors are not required to be registered in SAM, insert—
(1) In solicitations, including those for commercial products and commercial services—
(i) The provision at 52.204-XX, Offeror Identification; and
(ii) Each provision listed in paragraph (c)(1) of the provision at 52.204-7, if applicable based on each provision prescription; and
(2) In solicitations and contracts, including those for commercial products and commercial services, the clause at 52.204-YY, Contractor Identification.
(d) Insert the clause at 52.204-9, Personal Identity Verification of Contractor Personnel, in solicitations and contracts, including those for commercial products (other than commercially available off-the-shelf items) or commercial services, when contract performance requires contractors to have routine physical access to a Federally-controlled facility and/or routine access to a Federal information system.
(e) Insert the clause at 52.204-10, Reporting Executive Compensation and First-Tier Subcontract Awards, in solicitations and contracts, other than those for commercial products or commercial services, if the acquisition value exceeds $40,000 and the award is required to be reported in SAM Contract Awards Management.
(f)(1) The clauses in paragraphs (f)(2) and (3) of this section provide requirements for obtaining information from agency service contractors. The clauses are not required for—
(i) Actions entirely funded by DoD;
(ii) Contracts for commercial services; or
(iii) Classified solicitations, contracts, or orders.
(2) Insert the clause at 52.204-14, Service Contract Reporting Requirements, in solicitations and contracts for services other than commercial services if the acquisition value is at or more than the thresholds at 4.304(b), excluding indefinite-delivery contracts.
(3) Insert the clause at 52.204-15, Service Contract Reporting Requirements for Indefinite-Delivery Contracts, in solicitations and indefinite-delivery contracts for services, excluding commercial services, if one or more orders are expected to be at or more than the thresholds at 4.304(b).
(g) Insert the clause at 52.204-19, Incorporation by Reference of Representations and Certifications, in all solicitations and contracts, including those for commercial products and commercial services.
Subpart 4.3—Postaward
Distribute executed contracts or modifications within 10 working days to the contractor, and to appropriate parties ( e.g., payment office—and see 4.308) according to agency regulations.
(a) As required by 41 U.S.C. 1122 and 1712, SAM Contract Awards Management provides a comprehensive web-based tool for agencies to report contract actions.
(1) At a minimum, agencies must report—
(i) The following contract actions exceeding the micro-purchase threshold, regardless of solicitation process used:
(A) Definitive contracts, including purchase orders and imprest fund buys awarded by a contracting officer.
(B) Indefinite delivery vehicle (identified as an “IDV” in SAM Contract Awards Management) and all calls and orders awarded under it; and
(ii) Any modification to the contract actions in paragraph (a)(1)(i) that change previously reported contract action data, regardless of dollar value.
(2) Agencies may submit actions other than those listed at paragraph (a)(1) of this section if approved in writing by OFPP.
(3) Agencies will not report the following types of contract actions:
(i) Imprest fund transactions below the micro-purchase threshold, including those made via the Government purchase card (unless specific agency procedures prescribe reporting these actions).
(ii) Orders from the GSA stock and the GSA Global Supply Program.
(iii) Purchases made at GSA or AbilityOne service stores, as these items stocked for resale have already been reported by GSA.
(iv) Purchases made using non-appropriated fund activity cards, chaplain fund cards, individual Government personnel training orders, and Defense Printing orders.
(v) Actions that, according to other authority, will not be entered into SAM Contract Awards Management ( e.g., reporting of the information would compromise national security).
(vi) Contract actions in which the required data would constitute classified information.
(vii) Resale activity ( i.e., commissary or exchange activity).
(viii) Revenue generating arrangements ( i.e., concessions).
(ix) Training expenditures not issued as orders or contracts.
(x) Interagency agreements other than interagency acquisitions required to be reported.
(xi) Letters of obligation used in the A-76 process.
(b) Agencies awarding assisted acquisitions or direct acquisitions must report these actions and identify the Program/Funding Agency and Office Codes from the applicable agency codes maintained by each agency in SAM. These codes represent the agency and office that has provided the predominant amount of funding for the contract action. For assisted acquisitions, the requesting agency will receive socioeconomic credit for meeting agency small business goals, where applicable. Requesting agencies must provide the appropriate agency/bureau component code as part of the written interagency agreement between the requesting and servicing agencies (see part 17).
(c) Agencies awarding contract actions with a mix of appropriated and non-appropriated funding must only report the full appropriated portion of the contract action in SAM Contract Awards Management.
(d) Agencies may consolidate, at least monthly, multiple action reports for a vendor when it would be overly burdensome to report each action individually.
(e)(1) Agencies may use a generic entity identifier, rather than an entity's assigned UEI, for—
(i) Contract actions valued at or below $40,000 that are awarded to a contractor that is—
(A) A student;
(B) A dependent of either a veteran, foreign Service officer, or military member assigned outside the United States and its outlying areas; or
(C) Located outside the United States and its outlying areas for work to be performed outside the United States and its outlying areas and the contractor does not otherwise have a UEI;
(ii) Contracts valued above $40,000 awarded to individuals located outside the United States and its outlying areas for work to be performed outside the United States and its outlying areas; or
(iii) Contracts when specific public identification of the contracted party could endanger the mission, contractor, or recipients of the acquired goods or services. The contracting officer must include a written determination in the contract file of a decision applicable to authority under this paragraph (e)(1)(iii).
(2) The Integrated Award Environment program office will maintain the list of generic entity identifiers that agencies may use.
(f)(1) The Senior Procurement Executive in coordination with the head of the contracting activity is responsible for developing and monitoring a process to ensure timely and accurate reporting of contractual actions to SAM Contract Awards Management.
(2)(i) The contracting officer awarding the contract action is responsible for accurately completing the individual contract action report (CAR). Unpublished CARs in SAM Contract Awards Management are not considered complete.
(ii) Complete the CAR in SAM Contract Awards Management within three business days after contract award.
(iii) Complete the CAR for any action awarded without providing full and open competition due to unusual or compelling urgency or according to any of the emergency acquisition flexibilities within 30 days after contract award.
(3) The chief acquisition officer of each agency required to report its contract actions must submit to OFPP within 120 days after the end of each fiscal year, an annual certification of whether, and to what degree, agency CAR data for the preceding fiscal year is complete and accurate.
Agency procedures for the return of PIV products must ensure that Government contractors account for all forms of Government-provided identification issued to Government contractor employees under a contract, i.e., the PIV cards or other similar badges, and must ensure that contractors return such identification to the issuing agency as soon as any of the following occurs, unless otherwise determined by the agency:
(a) When no longer needed for contract performance.
(b) Upon completion of a contractor employee's employment.
(c) Upon contract completion or termination.
(a) Requirement. As required by section 743(a) of Division C of the Consolidated Appropriations Act, 2010 (31 U.S.C. 501 note) (Pub. L. 111-117), agencies covered by the Federal Activities Inventory Reform Act (Pub. L. 105-270), except DoD, must submit annually to OMB an inventory of activities performed by service contractors. The information reported in the inventory will be publicly accessible.
(b) Contractor reporting requirements thresholds.
(1) Service contractor reporting is required for contracts and first-tier subcontracts for services, excluding commercial services, based on type of contract and estimated total value. For indefinite-delivery contracts, the contracting officer must determine the reporting requirements based on the type and estimated total value of each order under the contract.
(2) Reporting is required according to the following thresholds:
(i) Cost-reimbursement, time-and-materials, and labor-hour service contracts and orders with an estimated total value exceeding the SAT.
(ii) Fixed-price service contracts awarded and orders with an estimated total value of $500,000 or more.
(c) Agency reporting responsibilities.
(1) Agencies must compile annually an inventory of service contracts performed for, or on behalf of, the agency during the previous fiscal year to determine the extent of the agency's reliance on service contractors.
(2) Agencies must review contractor-reported information for reasonableness and consistency with available contract information. Authorized agency officials may review the reports at https://www.sam.gov. The agency is not required to address data for which the agency would not normally have supporting information. If revisions to the contractor-reported information are warranted, the agency must notify the contractor. The contractor must revise the report, or document its rationale for the agency. The contractor-provided information is meant to supplement agency annual service contract reporting. Agencies must post the inventory on its website and publish a Federal Register Notice of Availability.
(a) Contractors must maintain throughout the life of the contract through final payment—
(1) Their registration, if they are required to be registered in SAM; or
(2) Their identifying information, if they are not required to be registered in SAM.
(b) Contracting officers must validate the contractor has an active Federal Government contracts registration in SAM, if they are required to be registered in SAM, at the following times:
(1) For contracts described at 4.203-1(b)(4), within 30 days after contract award, or at least three days before submitting the first invoice, whichever occurs first.
(2) Before exercising any options on a contract.
(3) For novation and change-of-name agreements, see paragraph (c) of the clause at 52.204-13.
(4) For assignees for the purpose of assignment of claims, see paragraph (d) of the clause at 52.204-13.
(a) Contractors are required to maintain their UEI and CAGE code throughout the life of the contract.
(b) Contractors must communicate any change to their UEI or CAGE code to the contracting officer within 30 days after the change, so the contracting officer can issue a modification to update the UEI or CAGE code on the contract. A change in the UEI does not necessarily require a novation.
(a) Contractors subject to the clause at 52.204-10, Reporting Executive Compensation and First-Tier Subcontract Awards, must report certain data required by section 2 of the Federal Funding Accountability and Transparency Act of 2006 (Pub. L. 109-282), as amended by section 6202 of the Government Funding Transparency Act of 2008 (Pub. L. 110-252).
(b) Certain data reported in SAM Contract Awards Management will prepopulate certain fields in SAM to help contractors complete and submit their reports required by 52.204-10. If the SAM Contract Awards Management data is inaccurate, the contracting officer will correct the data.
Provide the payment office information required to make proper payments under a contract, at least the TIN, type of organization, the UEI, and, if applicable, the EFT indicator.
(a) The administrative closeout procedures must ensure that—
(1) Disposition of classified material is completed;
(2) Final patent report is cleared. If a final patent report is required, the contracting officer may proceed with contract closeout according to the following procedures, or as otherwise prescribed by agency procedures:
(i) Final patent reports should be cleared within 60 days of receipt.
(ii) If the final patent report is not received, the contracting officer must notify the contractor of the contractor's obligations and the Government's rights under the applicable patent rights clause, according to part 27. If the contractor fails to respond to this notification, the contracting officer may proceed with contract closeout upon consultation with the agency legal counsel responsible for patent matters regarding the contractor's failure to respond.
(3) Final royalty report is cleared;
(4) There is no outstanding value engineering change proposal;
(5) Plant clearance report is received;
(6) Property clearance is received;
(7) All interim or disallowed costs are settled;
(8) Price revision is completed;
(9) The prime contractor settles its subcontracts;
(10) Prior year indirect cost rates are settled;
(11) Termination docket is completed;
(12) Contract audit is completed;
(13) Contractor's closing statement is completed;
(14) Contractor's final invoice has been submitted; and
(15) Contract funds review is completed and excess funds deobligated.
(b) When the actions in paragraph (a) of this section have been verified, the contracting officer administering the contract must prepare a contract completion statement containing the following information:
(1) Contract administration office name and address (if different from the contracting office).
(2) Contracting office name and address.
(3) Contract number.
(4) Last modification number.
(5) Last call or order number.
(6) Contractor name and address.
(7) Dollar amount of excess funds, if any.
(8) Voucher number and date, if final payment has been made.
(9) Invoice number and date, if the final approved invoice has been forwarded to a disbursing office of another agency or activity and the status of the payment is unknown.
(10) A statement that all required contract administration actions have been fully and satisfactorily accomplished.
(11) Name and signature of the contracting officer.
(12) Date.
(c) When the statement is completed, the contracting officer must place—
(1) The signed original in the contracting office contract file (or forwarded to the contracting office for placement in the files if the contract administration office is different from the contracting office); and
(2) A signed copy in the appropriate contract administration file if administration is performed by a contract administration office.
(a)(1) The contract administration office must initiate administrative closeout of the contract after receiving evidence of its physical completion, except for contracts under paragraph (b)(1) of this section.
(2) Except as provided in paragraph (a)(3) of this section, contract physical completion occurs when—
(i)(A) The contractor has completed the required deliveries and the Government has inspected and accepted the supplies;
(B) The contractor has performed all services and the Government has accepted these services; and
(C) All option provisions, if any, have expired; or
(ii) The Government has given the contractor a notice of complete contract termination.
(3) Rental, use, and storage agreements physical completion occurs when—
(i) The Government has given the contractor a notice of complete contract termination; or
(ii) The contract period has expired.
(4) At the start of this process, the contract administration office must review the contract funds status and notify the contracting office of any excess funds the contract administration office might deobligate.
(b) Except as provided in paragraph (d) of this section, contract files should be closed according to Table 4-2.
| Files for: | Should be: |
|---|---|
| (1) Contracts using simplified acquisition procedures, except when using the fast payment procedures in part 32 | Considered closed when the invoice for the last deliverable has been paid. |
| (2)(i) Contracts using simplified acquisition procedures, and the fast payment procedures in part 32; or (ii) Firm-fixed-price contracts, other than those using simplified acquisition procedures. | Closed within 6 months after the date on which the contracting officer receives evidence of physical completion. |
| (3) Contracts requiring settlement of indirect cost rates | Closed within 36 months of the month in which the contracting officer receives evidence of physical completion. |
| (4) All other contracts | Closed within 20 months of the month in which the contracting officer receives evidence of physical completion. |
(c) The closeout actions in paragraph (b) of this section may be modified to reflect the extent of administration that has been performed. Use quick closeout procedures (see part 42), when appropriate, to reduce administrative costs and to enable deobligation of excess funds.
(d) Do not close a contract file if—
(1) The contract is in litigation or under appeal; or
(2) In the case of a termination, all termination actions have not been completed.
(a) Agencies must keep acquisition records according to Table 4-3. This requirement also applies to record copies stored on alternate media when original documents have been converted to alternate media for storage.
| Record | Retention period |
|---|---|
| (1) Contracts (and related records or documents, including successful and unsuccessful proposals, except see paragraph (a)(2) of this section regarding contractor payrolls submitted under construction contracts.) | 6 years after final payment. |
| (2) Contractor's payrolls submitted under construction contracts according to Department of Labor regulations (29 CFR 5.5(a)(3)), with related certifications, anti-kickback affidavits, and other related records | 3 years after contract completion unless contract performance is the subject of an enforcement action on that date (see paragraph (a)(7) of this section). |
| (3) Unsolicited proposals not accepted by a department or agency | Retain according to agency procedures. |
| (4) Files for canceled solicitations | 6 years after cancellation. |
| (5) Other copies of procurement file records used for administrative purposes | When business use ceases. |
| (6) Data submitted to SAM Contract Awards Management. Electronic data file maintained by fiscal year, containing unclassified records of all procurements exceeding the micro-purchase threshold, and information required under 4.302 | 6 years after submittal to SAM Contract Awards Management. |
| (7) Investigations, cases pending or in litigation (including protests), or similar matters (including enforcement actions) | Until final clearance or settlement, or, if related to a document identified in paragraphs (a)(1) through (6) of this section, for the retention period specified for the related document, whichever is later. |
| (8) Contracts involving Small Business Innovation Research/Small Business Technology Transfer data rights which include the clause at 52.227-30 | 20 years after contract award, or at the end of the protection period as specified in 52.227-30 as it appears in the contract, whichever is later. |
(b) Agencies must prescribe procedures for the handling, storing, and disposing of contract files, according to the National Archives and Records Administration (NARA) General Records Schedule 1.1, Financial Management and Reporting Records. The Financial Management and Reporting Records can be found at http://www.archives.gov/records-mgmt/grs.html. The procedures should conform with the regulatory requirements in paragraph (a) of this section, which have been acknowledged and approved by NARA in its guidance.
(c) If administrative records are mixed with program records and cannot be reasonably separated, keep the entire file for the period approved for the program records. Similarly, if documents described in Table 4-3 are part of a subject or case file that documents activities not described in the table, maintain them with the subject or case file.
Subpart 4.4 Contractor Records Retention
This subpart provides policies and procedures for contractors to retain records to meet the records review requirements of the Government. In this subpart, the terms “contracts” and “contractors” include “subcontracts” and “subcontractors.”
The purpose of this subpart is to generally describe records retention requirements and to allow reductions in the retention period for specific classes of records under prescribed circumstances.
(a) This subpart applies to records generated under contracts that contain one of the following clauses:
(1) Audit and Records—Sealed Bidding (52.214-26).
(2) Audit and Records—Negotiation (52.215-2).
(b) This subpart is not mandatory on Department of Energy contracts for which the Comptroller General allows alternative records retention periods. Apart from this exception, this subpart applies to record retention periods under contracts that are subject to 10 U.S.C. chapter 137 legacy provisions (10 U.S.C. 3064) and 10 U.S.C. 3016 and chapter 203 or 40 U.S.C. 101, et seq.
(a) Except as stated in 4.403(b), contractors must make available records, which includes books, documents, accounting procedures and practices, and other data, regardless of type and regardless of whether such items are in written form, in the form of computer data, or in any other form, and other supporting evidence to satisfy contract negotiation, administration, and audit requirements of the contracting agencies and the Comptroller General for—
(1) 3 years after final payment; or
(2) For certain records, the period specified in 4.405, whichever of these periods expires first.
(b) Contractors must make available the foregoing records and supporting evidence for a longer period than is required in 4.403(a) if—
(1) A retention period longer than that cited in 4.403(a) is specified in any contract clause; or
(2) The contractor, for its own purposes, retains the foregoing records and supporting evidence for a longer period. Under this circumstance, the retention period must be the period of the contractor's retention or 3 years after final payment, whichever period expires first.
(3) The contractor does not meet the original due date for submission of final indirect cost rate proposals specified in paragraph (d)(2) of the clause at 52.216-7, Allowable Cost and Payment. Under these circumstances, the retention periods in 4.405 must be automatically extended one day for each day the proposal is not submitted after the original due date.
(c) Nothing in this section must be construed to preclude a contractor from duplicating or storing original records in electronic form unless they contain significant information not shown on the record copy. Original records need not be maintained or produced in an audit if the contractor or subcontractor provides photographic or electronic images of the original records and meets the following requirements:
(1) The contractor or subcontractor has established procedures to ensure that the imaging process preserves accurate images of the original records, including signatures and other written or graphic images, and that the imaging process is reliable and secure to maintain the integrity of the records.
(2) The contractor or subcontractor maintains an effective indexing system to permit timely and convenient access to the imaged records.
(3) The contractor or subcontractor retains the original records for a minimum of one year after imaging to permit periodic validation of the imaging systems.
(d) If the information described in paragraph (a) of this section is maintained on a computer, contractors must retain the computer data on a reliable medium for the time periods prescribed. Contractors may transfer computer data in machine readable form from one reliable computer medium to another. Contractors' computer data retention and transfer procedures must maintain the integrity, reliability, and security of the original computer data. Contractors must also retain an audit trail describing the data transfer. For the record retention time periods prescribed, contractors must not destroy, discard, delete, or write over such computer data.
(a) The retention periods in 4.405 are calculated from the end of the contractor's fiscal year in which an entry is made charging or allocating a cost to a Government contract or subcontract. If a specific record contains a series of entries, the retention period is calculated from the end of the contractor's fiscal year in which the final entry is made. The contractor should cut off the records in annual blocks and retain them for block disposal under the prescribed retention periods.
(b) When a contractor relies upon records generated during a prior contract for certified cost or pricing data in negotiating a succeeding contract, the prescribed periods must run from the date of the succeeding contract.
(c) If two or more of the record categories described in 4.405 are interfiled and screening for disposal is not practical, the contractor must retain the entire record series for the longest period prescribed for any category of records.
The contractor must retain records according to Table 4-4.
| Category | Record type | Retention period |
|---|---|---|
| Financial and cost accounting records | Accounts receivable invoices, adjustments to the accounts, invoice registers, carrier freight bills, shipping orders, and other documents that detail the material or services billed on the related invoices | 4 years. |
| Material, work order, or service order files, consisting of purchase requisitions or purchase orders for material or services, or orders for transferring material or supplies | 4 years. | |
| Cash advance recapitulations, prepared as posting entries to accounts receivable ledgers for amounts of expense vouchers prepared for employees' travel and related expenses | 4 years. | |
| Paid, canceled, and voided checks, other than those issued for paying salary and wages | 4 years. | |
| Accounts payable records to support disbursements of funds for materials, equipment, supplies, and services, containing originals or copies of the following and related documents: remittance advices and statements, vendors' invoices, invoice audits and distribution slips, receiving and inspection reports or comparable certifications of receipt and inspection of material or services, and debit and credit memoranda | 4 years. | |
| Labor cost distribution cards or equivalent documents | 2 years. | |
| Petty cash records describing expenditures, to whom paid, name of person authorizing payment, and date, including copies of vouchers and other supporting documents | 2 years. | |
| Pay administration records | Payroll sheets, registers, or their equivalent, of salaries and wages paid to individual employees for each payroll period; change slips; and tax withholding statements | 4 years. |
| Clock cards or other time and attendance cards | 2 years. | |
| Paid checks, receipts for wages paid in cash, or other evidence of payments for services rendered by employees | 2 years. | |
| Acquisition and supply records | Store requisitions for materials, supplies, equipment, and services | 2 years. |
| Work orders for maintenance and other services | 4 years. | |
| Equipment records, consisting of equipment usage and status reports and equipment repair orders | 4 years. | |
| Expendable property records, reflecting accountability for receiving and using material to perform a contract | 4 years. | |
| Receiving and inspection report records, consisting of reports reflecting receipt and inspection of supplies, equipment, and materials | 4 years. | |
| Purchase order files for supplies, equipment, material, or services used to perform a contract; supporting documentation and backup files including, but not limited to, invoices, and memoranda, e.g., memoranda of negotiations showing the principal elements of subcontract price negotiations | 4 years. | |
| Production records of quality control, reliability, and inspection | 4 years. | |
| Property records (see part 45) | 4 years. |
PART 33—PROTESTS, DISPUTES, AND APPEALS
Sec. 33.000 Scope of part. Subpart 33.1—Protests 33.100 Purpose of the bid protest system. 33.101 Applicability. 33.102 Definitions. 33.103 General. 33.104 Protests to the agency. 33.104-1 Scope. 33.104-2 Preaward. 33.104-3 Postaward. 33.104-4 Other procedures. 33.105 Protests to GAO. 33.105-1 GAO Bid Protest Regulations. 33.105-2 Preaward. 33.105-3 Postaward. 33.105-4 Other procedures. 33.106 Protests at the U.S. Court of Federal Claims. 33.107 Solicitation provision and contract clause. Subpart 33.2—Disputes and Appeals 33.200 Scope. 33.201 Definitions. 33.202 Applicability. 33.203 The Disputes statute and Public Law 85-804. 33.204 Policy. 33.205 Postaward. 33.205-1 Contractor claim. 33.205-2 Contractor certification. 33.205-3 Interest on claims. 33.205-4 Suspected fraudulent claims. 33.205-5 Contracting officer's authority. 33.205-6 Contracting officer's decision. 33.205-7 Obligation to continue performance. 33.205-8 Alternative dispute resolution (ADR). 33.206 Contract clauses.
Authority:
41 U.S.C. 1121(b); 40 U.S.C. 121(c); 10 U.S.C. chapter 4 and 10 U.S.C. chapter 137 legacy provisions (see 10 U.S.C. 3016); and 51 U.S.C. 20113.
This part outlines policies and procedures for filing protests and for processing contract disputes and appeals.
Subpart 33.1—Protests
(a) The bid protest system provides a prompt, fair, and transparent way to resolve disputes concerning federal procurement actions.
(b) The objectives of the protest system are to:
(1) Ensure protests are decided efficiently and without undue delay, to minimize disruption to contract award and performance;
(2) Support the effective and economical operation of the Government by correcting procurement errors, as quickly as possible;
(3) Deter and discourage abuse of the bid protest process by requiring clear and substantiated allegations of procurement impropriety;
(4) Safeguard the rights of interested parties to obtain independent review of procurement actions alleged to violate law or regulation; and
(5) Promote integrity, competition, accountability, and public confidence in the federal acquisition system by using available, timely, and appropriate remedies.
(c) All participants in the protest process, including protesters, agency officials, and intervenors, should act in a manner consistent with these purposes to help resolve protests fairly and quickly.
(d) The protest process is not intended to serve as a way for offerors to get post-award explanations, or debriefings. Interested parties should address questions regarding the evaluation, award rationale, or proposal deficiencies through established preaward or postaward communication procedures, including formal debriefings where applicable under 15.206, 15.301, or other relevant FAR parts.
(e) An incumbent contractor should not use protests as a way to disrupt transition or induce contract extensions, unless legally and factually sufficient grounds for protest exist.
(a) This subpart applies to protests filed with an agency or the Government Accountability Office (GAO).
(b) This subpart, except for 33.100 and 33.103(c), does not apply to bid protest or dispute appeal authorities where the United States Court of Federal Claims has jurisdiction (see 28 U.S.C. 1491).
(c) This subpart does not apply to protests of small business status (see 13 CFR part 121).
As used in this subpart—
Day means a calendar day, unless otherwise specified. In the computation of any period—
(1) The day of the act, event, or default from which the designated period of time begins to run is not included; and
(2) The last day after the act, event, or default is included. However, if the last day is a Saturday, Sunday, or Federal holiday, or the place for filing is closed for all or part of the last day, then the deadline for filing is the next day the place is open.
Filed means the complete receipt of any document by an agency before its close of business. Documents received after close of business are considered filed as of the next day. Unless otherwise stated, the agency close of business is presumed to be 4:30 p.m., local time.
Interested Party for the purpose of filing a protest means an actual or prospective offeror whose direct economic interest would be affected by the award of a contract or by the failure to award a contract.
Protest means a written objection by an interested party to any of the following:
(1) A solicitation or other request by an agency for offers for a contract for the procurement of property or services.
(2) The cancellation of the solicitation or other request.
(3) An award or proposed award of the contract.
(4) A termination or cancellation of an award of the contract, if the written objection contains an allegation that the termination or cancellation is based in whole or in part on improprieties concerning the contract award.
(a) Consulting with legal counsel. Whenever a contracting officer becomes aware of a protest on one of their acquisitions, they should consult with their designated legal counsel.
(b) Agency action on protests. If the head of an agency determines that a solicitation, proposed award, or award does not comply with the requirements of law or regulation, then, according to 41 U.S.C. 3708, the head of the agency may—
(1) Take any action that could have been recommended by the Comptroller General had the protest been filed with the Government Accountability Office (see 31 U.S.C. 3554(b)(1)(A)(F);
(2) Pay appropriate costs as provided in 31 U.S.C. 3554(c);
(3)(i) Require the awardee to reimburse the Government's costs, where a postaward protest is sustained due to the awardee's intentional or negligent misstatement, misrepresentation, or miscertification, as described in 52.233-3.
(ii) When a protest is sustained by GAO under circumstances that may allow the Government to seek reimbursement for protest costs, the contracting officer will determine whether the protest was sustained based on the awardee's negligent or intentional misrepresentation. If the protest was sustained on several issues, protest costs must be apportioned according to the costs attributable to the awardee's actions.
(iii)(A) The contracting officer must review the amount of the debt, degree of the awardee's fault, and costs of collection, to determine whether a demand for reimbursement ought to be made.
(B) If it is in the best interests of the Government to seek reimbursement, the contracting officer must notify the awardee in writing of the nature and amount of the debt, and the intention to collect by offset if necessary.
(C) Before issuing a final decision, the contracting officer must give the awardee an opportunity to inspect and copy agency records about the debt to the extent permitted by statute and regulation, and to request review of the matter by the head of the contracting activity.
(c) Availability of funds. (1) When a protest is filed with GAO, the Court of Federal Claims, or an agency regarding a solicitation, proposed award, or award of a contract, and the agency's contract funds available at the time the protest is filed would otherwise lapse, those funds remain available for obligation for 100 days following the date of the final ruling on the protest (31 U.S.C. 1558).
(2) A ruling is considered final on the date on which the time allowed for filing an appeal or request for reconsideration has expired, or the date on which a decision is rendered on such appeal or request, whichever is later.
(d) Stop-work order. Whenever the contracting officer is required or decides to suspend performance under this subpart, the contracting officer must issue a written stop-work order, and must specifically identify it as a stop-work order issued under 52.233-3, Protest after Award.
(e) Contract transition. The contracting officer should document a finding when a protest is filed by an incumbent contractor that disrupts transition or induces an extension of their current contract (see 33.100(e)).
(a) This section implements Executive Order 12979, Agency Procurement Protests.
(b) The agency should provide for inexpensive, informal, procedurally simple, and quick resolution of protests. Where appropriate, the use of alternative dispute resolution techniques, third party neutrals, and another agency's personnel are acceptable protest resolution methods.
(a) Filing. Protests based on alleged apparent improprieties in a solicitation must be filed before bid opening or the closing date for receiving proposals. If no closing time has been established, or if no further submissions are anticipated, any alleged solicitation improprieties must be protested within 10 days of when the alleged impropriety was known or should have been known, whichever is earlier.
(b) Action upon receiving a protest before award. (1) A contract may not be awarded until the agency resolves the protest, unless a written justification is made for urgent and compelling reasons, or award is determined in writing to be in the best interest of the United States. Such justification must be approved at least one level above the contracting officer.
(2) If award is withheld pending agency resolution of the protest, the contracting officer will inform the offerors whose offers might become eligible for award of the contract. If appropriate to avoid the need to resolicit, the contracting officer should request that offerors extend the time to accept their proposals. If offers are not extended, then consideration should be given to proceeding with award pursuant to paragraph (b)(1) of this section.
(a)(1) Protests must be filed no later than 10 days after the basis of protest is known or should have been known, whichever is earlier, except when a timely debriefing is requested and when requested, is required. In such instances, the protest must not be filed before the debriefing date offered to the protester, but must be filed no later than ten days after the date the debriefing is held.
(2) If a protest is received within 10 days after contract award or within 5 days after a debriefing date offered to the protester under a timely debriefing request in accordance with 15.206-2 or 15.301-1, whichever is later, then the contracting officer must immediately suspend performance, pending resolution of the protest within the agency, including any independent review by a higher level official, unless continued performance is justified.
(b) Continued performance may be justified upon a written finding that there are urgent and compelling reasons, or continued performance is determined in writing to be in the best interest of the United States. Such justification must be approved at least one level above the contracting officer.
(a) General. These procedures are established to resolve agency protests effectively, to build confidence in the Government's acquisition system, and to reduce protests outside of the agency:
(1) Before submitting an agency protest, parties must use their best efforts to resolve concerns raised by an interested party at the contracting officer level through open and frank discussions.
(2) Protests must be concise and logically presented to facilitate review by the agency.
(3) Protests must include the following information. Failure to comply may result in dismissing the protest.
(i) Name, email address, and telephone number of the protester.
(ii) Solicitation or contract number.
(iii) Detailed statement of the legal and factual grounds for the protest, including a description of resulting prejudice to the protester.
(iv) Copies of relevant documents.
(v) Request for a ruling by the agency.
(vi) Statement as to the form of relief requested.
(vii) All information establishing that the protester is an interested party for the purpose of filing a protest.
(viii) All information establishing the timeliness of the protest.
(4)(i) Protests filed directly with the agency will be addressed to the contracting officer or other official designated to receive protests.
(ii) As soon as practicable after a protest is filed, the contracting officer must notify the head of the contracting activity, in accordance with agency procedures.
(5)(i) In accordance with agency procedures, interested parties may request an independent review of their protest at a level above the contracting officer; solicitations should advise potential bidders and offerors that this review is available.
(ii) Agency procedures and/or solicitations must—
(A) Notify potential bidders and offerors whether this independent review is available as an alternative to consideration by the contracting officer of a protest, or is available as an appeal of a contracting officer decision on a protest.
(B) Ensure that the protester receives a redacted copy of the agency's final technical evaluation of the protester's proposal, and a redacted copy of the source selection decision, if required for the procurement, within a reasonable time after the protester elects the independent review;
(C) Provide the protester an opportunity to raise additional protest grounds, within a reasonable time set by the independent review official, if the protester first became aware or should have been aware of the basis for those additional grounds as a result of disclosure according to paragraph (B) of this section.
(iii) Agencies must designate the official(s) who are to conduct this independent review, but the official(s) need not be within the contracting officer's supervisory chain. When possible, officials designated to conduct the independent review should not have been previously personally involved in the procurement.
(b) Timeliness. (1) The agency may consider the merits of any protest that is not filed in time for good cause shown, or where it determines that a protest raises issues significant to the agency's acquisition system.
(2) Filing an agency protest does not extend the time for obtaining a stay at GAO. Agencies may include, as part of the agency protest process, a voluntary suspension period when agency protests are denied and the protester subsequently files at GAO.
(3) If there is an agency appellate review of the contracting officer's decision on the protest, it will not extend GAO's timeliness requirements. Therefore, any subsequent protest to the GAO must be filed within 10 days of knowledge of initial adverse agency action (4 CFR 21.2(a)(3)).
(c) Protest decisions. (1) Agencies must make their best efforts to resolve agency protests within 35 days after the protest is received by the contracting officer or an official conducting an independent review requested according to paragraph (a)(5).
(2) Protest decisions must be well-reasoned, explain the agency position for sustaining or denying the protest, and be provided to the protester using a method that provides evidence of receipt.
Procedures for protests to GAO are found at 4 CFR part 21, Bid Protest Regulations.
(a) If the agency receives notice of a protest from GAO before award, then a contract may not be awarded unless the head of the contracting activity authorizes contract award and performance. The head of the contracting activity, on a nondelegable basis, may authorize contract award and performance upon a written finding that—
(1) Urgent and compelling circumstances which significantly affect the interest of the United States will not allow waiting for a decision from GAO; and
(2) Award is likely to occur within 30 days of the written finding.
(b) An agency may not authorize contract award and performance until the agency has notified GAO of the finding in paragraph (a) of this section.
(c) When a protest against the making of an award is received and award will be withheld pending disposition of the protest, the contracting officer should inform the offerors whose offers might become eligible for award of the protest. If appropriate, those offerors should be requested, before the time for accepting their offers expires, to extend the time for acceptance to avoid the need for resolicitation. If offers are not extended, then consideration should be given to proceeding under paragraph (a) of this section.
(a) If a protest is likely after award, then the contracting officer may direct the contractor to stop performance within the time period contained in paragraph (b)(1) of this section if the contracting officer makes a written determination that—
(1) A protest is likely to be filed; and
(2) Delay of performance is, under the circumstances, in the best interests of the United States.
(b)(1) If the agency receives notice of a protest from the GAO within 10 days after contract award or within 5 days after a debriefing date offered to the protester for any debriefing that is required by 15.206-2 or 15.301-1, whichever is later, then the contracting officer must immediately suspend performance or terminate the awarded contract, unless the head of the contracting activity authorizes contract performance.
(2) The head of the contracting activity, on a nondelegable basis, may authorize contract performance, upon a written finding that—
(i) Contract performance will be in the best interests of the United States; or
(ii) Urgent and compelling circumstances that significantly affect the interests of the United States will not permit waiting for the GAO's decision.
(c) An agency must not authorize contract performance until the agency has notified the GAO of the finding in paragraph (b)(2) of this section.
(d) When it is decided to suspend performance or terminate the awarded contract, the contracting officer should attempt to negotiate a mutual agreement on a no-cost basis.
(e) When the agency receives notice of a protest filed with the GAO after the dates contained in paragraph (b)(1) of this section, the contracting officer does not have to suspend contract performance or terminate the awarded contract unless the contracting officer believes that an award may be invalidated and a delay in receiving the supplies or services is not prejudicial to the Government's interest.
(a) Agency report. Upon notice that a protest has been filed with GAO, the contracting officer must immediately notify legal counsel and begin compiling the information necessary for the agency report that will be filed with GAO.
(b) Notice to GAO. If the agency has not fully implemented the GAO recommendations with respect to a solicitation for a contract or an award or a proposed award of a contract within 60 days of receiving the GAO recommendations, then the head of the contracting activity must report the failure to the GAO by 5 days later. The report must explain the reasons why the GAO's recommendation, exclusive of costs, has not been followed by the agency.
Procedures for protests at the U.S. Court of Federal Claims are set forth in the rules of the U.S. Court of Federal Claims, found at https://www.uscfc.uscourts.gov/filing-bid-protest.
(a) Insert the provision at 52.233-2, Service of Protest, in solicitations if the acquisition value exceeds the simplified acquisition threshold, including those for commercial products or commercial services.
(b) Insert the clause at 52.233-3, Protest After Award, in all solicitations and contracts, including those for commercial products or commercial services, except cost reimbursement contracts. Use the clause with its Alternate I for cost reimbursement contracts.
Subpart 33.2—Disputes and Appeals
41 U.S.C. chapter 71, Contract Disputes, establishes procedures and requirements for asserting and resolving claims subject to the Disputes statute.
As used in this subpart—
Accrual of a claim means the date when all events that fix the alleged liability of either the Government or the contractor and permit assertion of the claim were known or should have been known. For liability to be fixed, some injury must have occurred. However, monetary damages need not have been incurred.
Alternative dispute resolution (ADR) means any type of procedure or combination of procedures voluntarily used to resolve issues in controversy. These procedures may include, but are not limited to, conciliation, facilitation, mediation, fact-finding, minitrials, arbitration, and use of ombudsmen.
Defective certification means a certificate that alters or otherwise deviates from the language in 52.233-1(d)(2)(iii) or which is not executed by a person authorized to bind the contractor with respect to the claim. Failure to certify must not be deemed to be a defective certification.
Issue in controversy means a material disagreement between the Government and the contractor that (1) may result in a claim or (2) is all or part of an existing claim.
Misrepresentation of fact means a false statement of substantive fact, or any conduct that leads to the belief of a substantive fact material to proper understanding of the matter in hand, made with intent to deceive or mislead.
(a) Except as specified in paragraph (b) below, this subpart applies to any express or implied contract covered by the Federal Acquisition Regulation.
(b) This subpart does not apply to any contract with—
(1) A foreign government or agency of that government; or
(2) An international organization or a subsidiary body of that organization, if the agency head determines that the application of the Contract Disputes statute to the contract would not be in the public interest.
(c) This subpart applies to all disputes with respect to contracting officer decisions on matters “arising under” or “relating to” a contract. Agency Boards of Contract Appeals (BCAs) ( e.g., Armed Services Board of Contract Appeals or Civilian Board of Contract Appeals) authorized under the Disputes statute continue to have all of the authority they possessed before the Disputes statute about disputes arising under a contract, as well as authority to decide disputes relating to a contract.
(d) The clause at 52.233-1, Disputes, recognizes the “all disputes” authority established by the Disputes statute, and states certain requirements and limitations of the Disputes statute to guide contractors and contracting agencies. The clause is not intended to affect the rights and obligations of the parties as provided by the Disputes statute or to constrain the authority of the statutory agency BCAs in handling and deciding contractor appeals under the Disputes statute.
(a) A contractor's allegation that it is entitled to rescission or reformation of its contract in order to correct or mitigate the effect of a mistake must be treated as a claim under the Dispute statute.
(b) A claim that is first submitted to the contracting officer for consideration under the Disputes statute and is either denied or not approved in its entirety under the Disputes statute may be presented by the contractor as a request for relief under Public Law 85-804 (50 U.S.C. 1431-1435) as implemented by subpart 50.1.
As a matter of policy, the Government tries to resolve all contractual issues in controversy by mutual agreement at the contracting officer's level. Reasonable efforts should be made to resolve controversies before submitting a claim.
(a) Contractor claims against the Government. (1) Contractor requirements for submission of claims are located at 52.233-1(d).
(2) The contracting officer must document in the contract file the date of receipt of a claim submitted by a contractor.
(b) Government claims against a contractor. The contracting officer must issue a written decision on any Government claim against a contractor within 6 years after accrual of the claim, unless the contracting parties agreed to a shorter time period, or the claim is based on a contractor claim involving fraud.
(a) Contractor requirements for certification of claims exceeding $100,000 are located at 52.233-1(d).
(b) Use the aggregate amount of both increased and decreased costs to determine when the dollar thresholds requiring certification are met (see example in 15.403-3(b)(3)(i) regarding certified cost or pricing data).
(c) A defective certification does not deprive a court or an agency BCA of jurisdiction over that claim. Before the entry of a final judgment by a court or a decision by an agency BCA, the court or agency BCA must require a defective certification to be corrected.
(a) The Government must pay interest on a contractor's claim on the amount found due and unpaid from the date that—
(1) The contracting officer receives the claim (certified if required by 33.205-2); or
(2) Payment otherwise would be due, if that date is later, until the date of payment.
(b) Simple interest on claims must be paid at the rate, fixed by the Secretary of the Treasury as provided in the Disputes statute, which applies to the period during which the contracting officer receives the claim and then at the rate that applies for each 6-month period as fixed by the Treasury Secretary during the pendency of the claim. (See the clause at 52.232-17 for the right of the Government to collect interest on its claims against a contractor).
(c) Interest must be paid on claims having defective certifications starting on the date that the contracting officer initially receives the claim until the date the claim was paid, see 52.233-1(h).
If the contractor is unable to support any part of the claim and evidence reveals that the inability is due to misrepresentation of fact or to fraud on the part of the contractor, the contracting officer must refer the matter to the agency official responsible for investigating fraud.
(a) Contracting officers are authorized, within any specific limitations defined in their warrants, to decide or resolve all claims arising under or relating to a contract subject to the Disputes statute, except this authority does not extend to—
(1) A claim or dispute for penalties or forfeitures prescribed by statute or regulation that another Federal agency is specifically authorized to administer, settle, or determine; or
(2) The settlement, compromise, payment or adjustment of any claim involving fraud.
(b) Contracting officers can use ADR procedures to resolve claims, according to agency policies and 33.205-8.
(a) When a claim by or against a contractor cannot be satisfied or settled by mutual agreement and a decision on the claim is necessary, the contracting officer must—
(1) Review the facts relevant to the claim;
(2) Get help from legal and other advisors;
(3) Coordinate with the contract administration officer or contracting office, as appropriate; and
(4) Prepare a written decision that—
(i) Includes the contracting officer's decision and supporting rationale for the decision reached;
(ii) Substantially conveys the following:
“This is the final decision of the Contracting Officer. You may appeal this decision to the agency board of contract appeals. If you decide to appeal, you must, within 90 days from the date you receive this decision, mail or otherwise furnish written notice to the agency board of contract appeals and provide a copy to the Contracting Officer from whose decision this appeal is taken. The notice must indicate that an appeal is intended, refer to this decision, and identify the contract by number.
With regard to appeals to the agency board of contract appeals, you may, solely at your election, proceed under the board's—
(1) Small claim procedure for claims of $50,000 or less or, in the case of a small business concern (as defined in the Small Business Act and regulations under that Act), $150,000 or less; or
(2) Accelerated procedure for claims of $100,000 or less.
Instead of appealing to the agency board of contract appeals, you may bring an action directly in the United States Court of Federal Claims (except as provided in 41 U.S.C. 7102(d), regarding Maritime Contracts) within 12 months of the date you receive this decision”; and
(iii) Makes a demand for payment prepared according to 32.604 and 32.605 in all cases where the decision results in a finding that the contractor is indebted to the Government.
(b) The contracting officer must furnish a copy of the decision to the contractor by certified mail, return receipt requested, or by any other method that provides evidence of receipt. This requirement applies to decisions on claims initiated by or against the contractor.
(c) The contracting officer must issue the decision within the following statutory time limitations:
(1) For claims of $100,000 or less, 60 days after receiving a written request from the contractor that a decision be given within that period, or within a reasonable time after receipt of the claim if the contractor does not make such a request.
(2) For claims over $100,000, 60 days after receiving a certified claim; provided, however, that if a decision will not be issued within 60 days, the contracting officer must notify the contractor, within that period, of the time within which a decision will be issued.
(d) The contracting officer must issue a decision within a reasonable time, taking into account—
(1) The size and complexity of the claim;
(2) The adequacy of the contractor's supporting data; and
(3) Any other relevant factors.
(e) The contracting officer has no obligation to render a final decision on any claim exceeding $100,000 that contains a defective certification, if within 60 days after receiving the claim, the contracting officer notifies the contractor in writing of the reasons why any attempted certification was found to be defective.
(f) In the event of undue delay by the contracting officer in providing a decision on a claim, the contractor may request the tribunal concerned to direct the contracting officer to issue a decision in a specified time period that the tribunal decides.
(g) Any failure of the contracting officer to issue a decision within the required time periods will be deemed a decision by the contracting officer denying the claim and will authorize the contractor to file an appeal or suit on the claim.
(h) The amount determined payable under the decision, less any portion already paid, should be paid, if otherwise proper, without awaiting contractor action concerning appeal. Such payment must be without prejudice to the rights of either party.
(a)(1) Before the passage of the Disputes statute, the obligation to continue performance applied only to claims arising under a contract. However, the Disputes statute, at 41 U.S.C. 7103(g), authorizes agencies to require a contractor to continue contract performance according to the contracting officer's decision pending a final resolution of any claim arising under, or relating to, the contract.
(2)(i) A claim arising under a contract is a claim that can be resolved under a contract clause, other than the clause at 52.233-1, Disputes, that provides for the relief sought by the claimant. However, relief for such a claim can also be sought under the clause at 52.233-1.
(ii) A claim relating to a contract is a claim that cannot be resolved under a contract clause other than the clause at 52.233-1.
(b) In the event of a dispute relating to the contract, the contracting officer must consider providing, through appropriate agency procedures, financing of the continued performance, provided that the Government's interest is properly secured.
(a)(1) Agencies are encouraged to use ADR procedures as much as possible. Certain factors, however, may make the use of ADR inappropriate (see 5 U.S.C. 572(b)).
(2) Except for arbitration conducted according to the Administrative Dispute Resolution Act (ADRA), (5 U.S.C. 571, et seq. ), agencies have authority that is separate from that provided by the ADRA to use ADR procedures to resolve issues in controversy. Agencies may also choose to proceed under the authority and requirements of the ADRA.
(b) The objective of using ADR procedures is to increase the opportunity to relatively quickly and cheaply resolve an issue in controversy. Essential elements of ADR include—
(1) An issue in controversy;
(2) Both parties choose to participate in the ADR process;
(3) Both parties agree on alternative procedures and terms instead of formal litigation; and
(4) Officials of both parties who have the authority to resolve the issue in controversy choose to participate in the process.
(c)(1) If the contracting officer rejects a contractor's request for ADR proceedings, the contracting officer must give the contractor a written explanation citing one or more of the conditions in 5 U.S.C. 572(b) or such other specific reasons that ADR procedures are inappropriate to resolve the dispute.
(2) If a contractor rejects a request for ADR see 52.233-1(g).
(d) ADR procedures may be used at any time that the contracting officer has authority to resolve the issue in controversy. If a claim has been submitted, ADR procedures may apply to all or a portion of the claim. When ADR procedures are used after a contracting officer has issued their final decision, the contracting officer's use of ADR procedures does not alter any of the time limitations or procedural requirements for filing an appeal of the contracting officer's final decision. The use of ADR procedures does not constitute a reconsideration of the final decision.
(e) When appropriate, a neutral person may be used to help resolve the issue in controversy using the procedures the parties chose.
(f) The confidentiality of ADR proceedings must be protected consistent with 5 U.S.C. 574.
(g)(1) A solicitation must not require arbitration as a condition of award, unless arbitration is otherwise required by law.
(2) An agreement to use arbitration must be in writing and must specify a maximum award that the arbitrator may issue, as well as any other conditions limiting the range of possible outcomes.
(h) Binding arbitration, as an ADR procedure, may be agreed to only as specified in agency guidelines. Such guidelines must provide advice on the appropriate use of binding arbitration and when an agency has authority to settle an issue in controversy through binding arbitration.
(a) Insert the clause at 52.233-1, Disputes, in solicitations and contracts, including those for commercial products or commercial services, except when the conditions in 33.202(b) apply.
(b) Insert the clause at 52.233-4, Applicable Law for Breach of Contract Claim in all solicitations and contracts including those for commercial products or commercial services.
PART 39—ACQUISITION OF INFORMATION AND COMMUNICATION TECHNOLOGY
Sec. 39.001 Applicability. 39.002 Definitions. Subpart 39.1—Presolicitation 39.101 Management of risk. 39.102 Modular contracting. 39.103 Information technology services. 39.104 ICT accessibility standards. 39.104-1 Scope. 39.104-2 Policy. 39.104-3 Applicability. 39.104-4 Exceptions. 39.104-5 Exemptions. 39.105 Positioning, navigation, and timing services. Subpart 39.2—Evaluation and Award 39.201 ICT accessibility standards for indefinite-quantity contracts. Subpart 39.3—Postaward 39.301 ICT accessibility standards for task orders or delivery orders.
Authority:
41 U.S.C. 1121(b); 40 U.S.C. 121(c); 10 U.S.C. chapter 4 and 10 U.S.C. chapter 137 legacy provisions (see 10 U.S.C. 3016); and 51 U.S.C. 20113.
This part—
(a) Applies to acquiring information and communication technology (ICT) and supplies and services that use ICT.
(b) Emphasizes strategies that promote faster acquisition and secure deployment of technology that is new or emerging.
(c) Does not apply to acquiring information technology for national security systems, as defined in 40 U.S.C. 11103.
As used in this part—
Cybersecurity means prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation (see NIST Special Publication 800-53 revision 5 at https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final ).
NICE Workforce Framework for Cybersecurity (NICE Framework) means a common language for describing cybersecurity work which expresses the work as task statements and includes knowledge and skill statements that provide a foundation for learners including students, job seekers, and employees (see NIST Special Publication 800-181 and additional tools to implement it at https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center ).
Positioning, navigation, and timing (PNT) services means any system, network, or capability that provides a reference to calculate or augment the calculation of longitude, latitude, altitude, or transmission of time or frequency data, or any combination thereof ( e.g., Global Positioning System) (see section 2(a) of Executive Order 13905 of February 12, 2020, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services).
Subpart 39.1—Presolicitation
(a) Before entering into an information technology contract, agencies should analyze risks, benefits, and costs. Reasonable risk taking is appropriate as long as risks are controlled and mitigated.
(b) Both contracting and program office officials are responsible for assessing, monitoring and controlling risk throughout the acquisition process.
(a) Agencies should use modular contracting ( i.e., use one or more contracts to acquire information technology systems in successive, interoperable increments) to acquire major systems of information technology, to the maximum extent practicable (see 41 U.S.C. 2308). Agencies may also use modular contracting to acquire non-major systems of information technology.
(b) When acquiring an information technology system ( i.e., either a major system or non-major system), contracting officers may divide it into several smaller increments that—
(1) Are easier to manage individually than would be possible in one comprehensive acquisition;
(2) Address complex information technology objectives incrementally to enhance the likelihood of achieving workable systems or solutions for attainment of those objectives;
(3) Provide for delivery, implementation, and testing of workable systems or solutions in discrete increments, each of which comprises a system or solution that is not dependent on any subsequent increment in order to perform its principal functions; and
(4) Provide an opportunity for subsequent increments to take advantage of any evolution in technology or needs that occur during implementation and use of the earlier increments.
(c) To promote compatibility, each increment should comply with common or commercially acceptable information technology standards when available and appropriate, and be compatible with other (including earlier and later) increments.
(d) When using modular contracting, agencies should, to the maximum extent practicable—
(1) Award a contract for an increment within 180 days after the date the solicitation is issued. If an award cannot be made within 180 days, agencies should consider cancelling the solicitation in accordance with 14.209(j) or 15.106(e).
(2) Schedule deliveries under the contract to occur within 18 months after the solicitation is issued.
(a) When acquiring information technology services, solicitations must not describe any minimum experience or educational requirements for proposed contractor personnel, unless the contracting officer determines that the needs of the agency—
(1) Cannot be met without that requirement; or
(2) Require using other than a performance-based acquisition (see subpart 37.1).
(b) When acquiring information technology support services ( e.g., backup and recovery services, technical support) or cybersecurity support services ( e.g., threat analysis, vulnerability analysis, digital forensics, supply chain risk management), which are a subset of information technology services, agencies must—
(1) Ensure any cybersecurity workforce tasks, knowledge, skills, and work role requirements align with the NICE Framework;
(2) Ensure any cybersecurity workforce tasks, knowledge, skills, and work role requirements comply with paragraph (a) of this section; and
(3) Require any offers, quotes, and reporting requirements ( e.g., contract deliverables) to align with the NICE Framework in effect at the time of the solicitation.
(a) This section implements section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d), and the Architectural and Transportation Barriers Compliance Board's (U.S. Access Board) ICT accessibility standards at 36 CFR 1194.1.
(b) Further information on section 508 is available at https://www.section508.gov.
When acquiring ICT, agencies must ensure that—
(a) Federal employees with disabilities have access to and use of information and data that is comparable to the access and use by Federal employees who are not individuals with disabilities; and
(b) Members of the public with disabilities seeking information or services from an agency have access to and use of information and data that is comparable to the access to and use of information and data by members of the public who are not individuals with disabilities.
(a) General. Unless an exception at 39.104-4 or an exemption at 39.104-5 applies, acquisitions for ICT supplies and services must meet the applicable ICT accessibility standards at 36 CFR 1194.1.
(b) Commercial products and commercial services. When acquiring commercial products and commercial services, an agency must comply with those ICT accessibility standards that can be met with supplies or services that are available in the commercial marketplace and that best address the agency's needs but see 39.104-5(a)(3).
(c) Legacy ICT. Any component or portion of existing ICT ( i.e., ICT that was procured, maintained, or used on or before January 18, 2018) is not required to comply with the current ICT accessibility standards if it—
(1) Complies with an earlier standard issued according to section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d, which is set forth in Appendix D to 36 CFR 1194.1); and
(2) Has not been altered ( i.e., a change that affects interoperability, the user interface, or access to information or data) after January 18, 2018.
(d) Alterations of legacy ICT. When altering any component or portion of existing ICT, after January 18, 2018, modify the component or portion to conform to the current ICT accessibility standards in 36 CFR 1194.1.
(a) The requirements in 39.104-2 do not apply to acquisitions for—
(1) National security systems. ICT operated by agencies as part of a national security system, as defined by 40 U.S.C. 11103(a);
(2) Incidental contract items. ICT acquired by a contractor incidental to a contract, ( i.e., for in-house use by the contractor to perform the contract); or
(3) Maintenance or monitoring spaces. The portions of ICT that are operable parts ( i.e., hardware-based user controls for activating, deactivating, or adjusting ICT) or status indicators, and that are located in spaces frequented only by service personnel for maintenance, repair, or occasional monitoring of equipment.
(b) When an exception applies, the contracting officer must obtain, as a part of the requirements documentation, written confirmation from the requiring activity that an exception, in accordance with paragraph (a)(1), (2), or (3) of this section, applies to the ICT supply or service (see 7.103(b)(6)). The contracting officer must include this documentation in the contract file.
(a) Allowable exemptions. An agency may grant an exemption for the following:
(1) Undue burden. When an agency determines the acquisition of ICT conforming with all the applicable ICT accessibility standards would impose an undue burden on the agency, compliance with the ICT accessibility standards is only required to the extent that it would not impose an undue burden. In determining whether conformance to one or more ICT accessibility standards would impose an undue burden, an agency must consider the extent to which conformance would impose significant difficulty or expense considering the agency resources available to the program or component for which the ICT supply or service is being procured.
(2) Fundamental alteration. When an agency determines that acquisition of ICT that conforms with all applicable ICT accessibility standards would result in a fundamental alteration in the nature of the ICT, such acquisition is required to conform only to the extent that conformance will not fundamentally alter the nature of the ICT.
(3) Nonavailability of conforming commercial products and commercial services. Where there are no commercial products and commercial services that fully conform to the ICT accessibility standards, the agency must procure the supplies or service available in the commercial marketplace that best meets the ICT accessibility standards consistent with the agency's needs.
(b) Alternative means of access. An agency must provide individuals with disabilities access to and use of information and data by an alternative means to meet the identified needs when an exemption in paragraphs (a)(1), (2), or (3) of this section applies.
(c) Documentation. When an exemption applies, the contracting officer must obtain, as part of the requirements documentation, a written determination from the requiring activity explaining the basis for the exemption in paragraphs (a)(1), (2) or (3) of this section. The contracting officer must include this documentation in the contract file.
(1) Undue burden. A determination of undue burden must address why and to what extent compliance with applicable ICT accessibility standards constitutes an undue burden.
(2) Fundamental alteration. A determination of fundamental alteration must address the extent to which compliance with the applicable ICT accessibility standards would fundamentally alter the nature of the ICT.
(3) Nonavailability of conforming commercial products and commercial services. A determination of commercial products and commercial services nonavailability must include—
(i) A description of the market research performed;
(ii) A listing of the requirements that cannot be met; and
(iii) The rationale for determining that the ICT to be procured best meets the ICT accessibility standards in 36 CFR 1194.1, consistent with the agency's needs.
When acquiring products, systems, or services that depend on PNT services ( e.g., Global Positioning System), the contracting officer must work with the requiring activity to ensure the requirements documents incorporate guidance from the Federal PNT Services Acquisitions Guidance (available at https://www.cisa.gov/resources-tools/resources/federal-positioning-navigation-and-timing-services-acquisitions-guidance ), as appropriate (see section 4(e) of Executive Order 13905, of February 12, 2020, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services).
Subpart 39.2—Evaluation and Award
(a) The contracting officer is not required to confirm an exception (see 39.104-4) or determine an exemption (see 39.104-5) before awarding an indefinite-quantity contract.
(b) The contract must identify which supplies and services the contractor indicates as compliant and show where to find full details of compliance ( e.g., a contractor may provide a link to a vendor's website identifying supplies or services that are fully compliant with ICT accessibility standards).
Subpart 39.3—Postaward
When issuing a task order or delivery order under an indefinite-quantity contract, the requiring activity and ordering activity must ensure compliance with the ICT accessibility standards. For a noncompliant ICT item, the requiring activity must document an exception (see 39.104-4) or exemption (see 39.104-5).
PART 40—INFORMATION SECURITY AND SUPPLY CHAIN SECURITY
Sec. 40.000 Scope of part. 40.001 Definitions. Subpart 40.1—Processing Supply Chain Risk Information 40.101 Definition. 40.102 Sharing supply chain risk information. Subpart 40.2—Security Prohibitions and Exclusions 40.201 Definitions. 40.202 Prohibitions. 40.203 General procedures. 40.203-1 Assessment of proposals. 40.203-2 Disclosures. 40.203-3 Waivers and exceptions. 40.203-4 Reporting requirements. 40.204 Specific procedures. 40.204-1 FASCSA orders. 40.204-2 Covered procurement actions. 40.204-3 Sudan prohibition. 40.204-4 Iran prohibitions. 40.205 Solicitation provision and contract clause. Subpart 40.3—Safeguarding Information 40.300 Scope. 40.301 Definitions. 40.302 Classified information. 40.302-1 National industrial security program. 40.302-2 Responsibilities of contracting officers. 40.302-3 Contract clause. 40.303 Covered Federal information. 40.303-1 Applicability. 40.303-2 Contract clause. 40.304 Controlled unclassified information (CUI). 40.304-1 Definitions. 40.304-2 Authorities. 40.304-3 Applicability. 40.304-4 Policy. 40.304-5 Procedures. 40.304-6 CUI incident reports. 40.304-7 Solicitation provision and contract clause.
Authority:
41 U.S.C. 1121(b); 40 U.S.C. 121(c); 10 U.S.C. chapter 4 and 10 U.S.C. chapter 137 legacy provisions (see 10 U.S.C. 3016); and 51 U.S.C. 20113.
(a) This part addresses broad security requirements that apply to acquisitions of products and services. It outlines policies and procedures for managing information security and supply chain security when acquiring products and services that include, but are not limited to, information and communications technology (ICT).
(b) See parts 24 and 46 for more policies and procedures related to managing information security and supply chain security.
(c) Information and supply chain policies and procedures that are unrelated to security are covered in other parts of the FAR ( e.g., part 22 for labor and human trafficking risks).
As used in this part—
Information means any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, electronic, or audiovisual forms (see OMB Circular A-130, Managing Information as a Strategic Resource).
Supply chain means a linked set of resources and processes between multiple tiers of developers that begins with the sourcing of products and services and extends through the design, development, manufacturing, processing, handling, and delivery of products and services to the acquirer (see OMB Circular A-130, Managing Information as a Strategic Resource).
Supply chain risk, as defined in 41 U.S.C. 4713(k), means the risk that any person may sabotage, maliciously introduce unwanted functionality, extract data, or otherwise manipulate the design, integrity, manufacturing, production, distribution, installation, operation, maintenance, disposition, or retirement of covered articles so as to surveil, deny, disrupt, or otherwise manipulate the function, use, or operation of the covered articles or information stored or transmitted on the covered articles.
Subpart 40.1—Processing Supply Chain Risk Information
As used in this subpart—
Supply chain risk information includes, but is not limited to, information that describes or identifies:
(1) Functionality and features of covered articles, including access to data and information system privileges;
(2) The user environment where a covered article is used or installed;
(3) The ability of a source to produce and deliver covered articles as expected;
(4) Foreign control of, or influence over, a source or covered article ( e.g., foreign ownership, personal and professional ties between a source and any foreign entity, legal regime of any foreign country in which a source is headquartered or conducts operations);
(5) Implications to government mission(s) or assets, national security, homeland security, or critical functions associated with use of a covered source or covered article;
(6) Vulnerability of Federal systems, programs, or facilities;
(7) Market alternatives to the covered source;
(8) Potential impact or harm caused by the possible loss, damage, or compromise of a product, material, or service to an organization's operations or mission;
(9) Likelihood of a potential impact or harm, or the possible exploitation of a system;
(10) Security, authenticity, and integrity of covered articles and their supply and compilation chains;
(11) Capacity to mitigate risks identified;
(12) Factors that may reflect upon the reliability of other supply chain risk information; and
(13) Any other considerations that would factor into analyzing the security, integrity, resilience, quality, trustworthiness, or authenticity of covered articles or sources.
Executive agencies must share relevant supply chain risk information with the Federal Acquisition Security Council (FASC) if the executive agency determines there is a reasonable basis to conclude a substantial supply chain risk associated with a source or covered article exists (see 41 CFR 201-1.201).
Subpart 40.2—Security Prohibitions and Exclusions
As used in this subpart—
American Security Drone Act-covered foreign entity means an entity included on a list developed and maintained by the Federal Acquisition Security Council (FASC) and published in the System for Award Management (SAM) at https://www.sam.gov (section 1822 of Pub. L. 118-31, 41 U.S.C. 3901 note prec.).
Backhaul means intermediate links between the core network, or backbone network, and the subnetworks at the edge of the network ( e.g., connecting cell phones/towers to the core telephone network). Backhaul can be wireless ( e.g., microwave) or wired ( e.g., fiber optic, coaxial cable, Ethernet).
Business operations means engaging in commerce in any form, including by acquiring, developing, maintaining, owning, selling, possessing, leasing, or operating equipment, facilities, personnel, products, services, personal property, real property, or any other apparatus of business or commerce.
Covered application means the social networking service TikTok or any successor application or service developed or provided by ByteDance Limited or an entity owned by ByteDance Limited.
Covered article, as defined in 41 U.S.C. 4713(k), means—
(1) Information technology, as defined in 40 U.S.C. 11101, including cloud computing services of all types;
(2) Telecommunications equipment or telecommunications service, as those terms are defined in section 3 of the Communications Act of 1934 (47 U.S.C. 153);
(3) The processing of information on a Federal or non-Federal information system, subject to the requirements of the Controlled Unclassified Information program (see 32 CFR part 2002); or
(4) Hardware, systems, devices, software, or services that include embedded or incidental information technology.
Covered foreign country means The People's Republic of China.
Covered procurement, as defined at 41 U.S.C. 4713(k), means—
(1) A source selection for a covered article involving either a performance specification, as provided in 41 U.S.C. 3306(a)(3)(B), or an evaluation factor, as provided in 41 U.S.C. 3306(b)(1)(A), relating to a supply chain risk, or where supply chain risk considerations are included in the agency's determination of whether a source is a responsible source as defined in 41 U.S.C. 113 (see part 9);
(2) The consideration of proposals for, and issuance of a task or delivery order for, a covered article, as provided in 41 U.S.C. 4106(d)(3), where the task or delivery order contract includes a contract clause establishing a requirement relating to a supply chain risk;
(3) Any contract action involving a contract for a covered article where the contract includes a clause establishing requirements relating to a supply chain risk; or
(4) Any other procurement in a category of procurements determined appropriate by the Federal Acquisition Regulatory Council, with the advice of the Federal Acquisition Security Council. The Federal Acquisition Regulatory Council has not yet determined any categories.
Covered procurement action, as defined at 41 U.S.C. 4713(k), means any of the following actions, if the action takes place in the course of conducting a covered procurement—
(1) The exclusion of a source that fails to meet qualification requirements established under 41 U.S.C. 3311 (see part 9) for the purpose of reducing supply chain risk in the acquisition or use of covered articles;
(2) The exclusion of a source that fails to achieve an acceptable rating with regard to an evaluation factor providing for the consideration of supply chain risk in the evaluation of proposals for the award of a contract or the issuance of a task or delivery order;
(3) The determination that a source is not a responsible source as defined in 41 U.S.C. 113 (see part 9) based on considerations of supply chain risk; and
(4) The decision to withhold consent for a contractor to subcontract with a particular source or to direct a contractor to exclude a particular source from consideration for a subcontract under the contract.
Covered telecommunications equipment or services means—
(1) Telecommunications equipment produced ( i.e. manufactured, designed, developed, or licensed intellectual property) by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such entities);
(2) For the purpose of public safety, security of Government facilities, physical security surveillance of critical infrastructure, and other national security purposes, video surveillance equipment and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities);
(3) Telecommunications services or video surveillance services provided by such entities or using such equipment; or
(4) Telecommunications equipment, telecommunications services, video surveillance equipment, or video surveillance services produced or provided by an entity that the Secretary of Defense, in consultation with the Director of National Intelligence (DNI) or the Director of the Federal Bureau of Investigation (FBI), reasonably believes to be an entity owned or controlled (see 31 CFR 800.208) by, or otherwise connected to, the government of a covered foreign country.
FASCSA order means any of the following orders issued under the Federal Acquisition Supply Chain Security Act (FASCSA) that requires removing covered articles from executive agency information systems or excluding one or more named sources or named covered articles from executive agency procurement actions, as described in 41 CFR 201-1.303(d) and (e):
(1) The Secretary of Homeland Security may issue FASCSA orders that apply to civilian agencies, to the extent not covered by paragraph (2) or (3) of this definition. This type of FASCSA order may be referred to as a Department of Homeland Security (DHS) FASCSA order.
(2) The Secretary of Defense may issue FASCSA orders that apply to the Department of Defense (DoD) and national security systems other than sensitive compartmented information systems. This type of FASCSA order may be referred to as a DoD FASCSA order.
(3) The Director of National Intelligence (DNI) may issue FASCSA orders that apply to the intelligence community and sensitive compartmented information systems, to the extent not covered by paragraph (2) of this definition. This type of FASCSA order may be referred to as a DNI FASCSA order.
Federal Acquisition Security Council (FASC) means the Council established under 41 U.S.C. 1322(a).
Information technology, as defined in 40 U.S.C. 11101(6) —
(1) Means any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency, if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency that requires the use—
(i) Of that equipment; or
(ii) Of that equipment to a significant extent in the performance of a service or the furnishing of a product;
(2) Includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources; but
(3) Does not include any equipment acquired by a Federal contractor incidental to a Federal contract.
Intelligence community, as defined by 50 U.S.C. 3003(4), means—
(1) The Office of the Director of National Intelligence;
(2) The Central Intelligence Agency;
(3) The National Security Agency;
(4) The Defense Intelligence Agency;
(5) The National Geospatial-Intelligence Agency;
(6) The National Reconnaissance Office;
(7) Other offices within DoD for the collection of specialized national intelligence through reconnaissance programs;
(8) The intelligence elements of the Army, the Navy, the Air Force, the Marine Corps, the Space Force, the Coast Guard, the Federal Bureau of Investigation, the Drug Enforcement Administration, and the Department of Energy;
(9) The Bureau of Intelligence and Research of the Department of State;
(10) The Office of Intelligence and Analysis of the Department of the Treasury;
(11) The Office of Intelligence and Analysis of the Department of Homeland Security; or
(12) Such other elements of any department or agency as may be designated by the President, or designated jointly by the Director of National Intelligence and the head of the department or agency concerned, as an element of the intelligence community.
Kaspersky Lab-covered article means any hardware, software, or service that—
(1) Is developed or provided by a Kaspersky Lab-covered entity;
(2) Includes any hardware, software, or service developed or provided in whole or in part by a Kaspersky Lab-covered entity; or
(3) Contains components using any hardware or software developed in whole or in part by a Kaspersky Lab-covered entity.
Kaspersky Lab-covered entity means—
(1) Kaspersky Lab;
(2) Any successor entity to Kaspersky Lab, including any change in name, e.g., “Kaspersky”;
(3) Any entity that controls, is controlled by, or is under common control with Kaspersky Lab; or
(4) Any entity of which Kaspersky Lab has a majority ownership.
Marginalized populations of Sudan means—
(1) Adversely affected groups in regions authorized to receive assistance under section 8(c) of the Darfur Peace and Accountability Act (Pub. L. 109-344) (50 U.S.C. 1701 note); and
(2) Marginalized areas in Northern Sudan described in section 4(9) of such Act.
National security system, as defined in 44 U.S.C. 3552, means any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency—
(1) The function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions, but does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications); or
(2) Is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.
Sensitive compartmented information means classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of National Intelligence.
Sensitive compartmented information system means a national security system authorized to process or store sensitive compartmented information.
Source means a non-Federal supplier, or potential supplier, of products or services, at any tier.
Subsidiary means an entity in which more than 50 percent of the entity is owned directly by a parent corporation or through another subsidiary of a parent corporation.
Telecommunications equipment means equipment used to produce, transmit, emit, or receive, or store signals, signs, writing, images, sounds, or intelligence of any nature, by wire, cable, satellite, fiber optics, laser, radio, or any other electronic, electric, electromagnetic, or acoustically coupled means.
Telecommunications services means services used to produce, transmit, emit, or receive, or store signals, signs, writing, images, sounds, or intelligence of any nature, by wire, cable, satellite, fiber optics, laser, radio, or any other electronic, electric, electromagnetic, or acoustically coupled means.
Unmanned aircraft means an aircraft that is operated without the possibility of direct human intervention from within or on the aircraft (49 U.S.C. 44801(11)).
Unmanned aircraft system means an unmanned aircraft and associated elements (including communication links and the components that control the unmanned aircraft) that are required for the operator to operate safely and efficiently in the national airspace system (49 U.S.C. 44801(12)). See 41 CFR 201-1.101 for the list of associated elements identified by the FASC.
Video surveillance equipment means equipment used to identify or monitor activities or information through use of imaging, visual, or audio methods.
Video surveillance services means services used to identify or monitor activities or information through use of imaging, visual, or audio methods.
Agencies are prohibited from contracting, including renewing or extending contracts, with contractors that operate, provide, or use certain products or services that violate any of the following prohibitions (see the clause at 52.240-3 for details regarding the scope of each prohibition and whether there are any exceptions, exemptions, or waiver possibilities):
(a) TikTok/ByteDance. Covered Application (Section 102 of Division R of the Consolidated Appropriations Act, 2023 (Pub. L. 117-328)).
(b) Kaspersky. Kaspersky Lab-covered article (Section 1634 of Division A of the National Defense Authorization Act (NDAA) for Fiscal Year 2018 (Pub. L. 115-91).
(c) Drones. Unmanned Aircraft Systems Manufactured or Assembled by American Security Drone Act—Covered Foreign Entities (American Security Drone Act of 2023, within the NDAA for Fiscal Year 2024 (Pub. L. 118-31, Div. A, Title XVIII, Subtitle B, 41 U.S.C. 3901 note prec.)).
(d) Telecommunications and video surveillance equipment. (Paragraphs (a)(1)(A) and (a)(1)(B) of section 889 of the John S. McCain NDAA for Fiscal Year 2019 (Pub. L. 115-232)).
(e) Governmentwide exclusion orders. FASCSA orders (sections 1823 and 1826 of Pub. L. 118-31, 41 U.S.C. 3901 note prec.).
(f) Covered procurement actions (41 U.S.C. 4713).
(g) Office of Foreign Assets Control (OFAC) restrictions. OFAC Restrictions (International Emergency Economic Powers Act (IEEPA) (50 U.S.C. 1701 et seq. )).
(h) Sudan prohibition. Accountability and Divestment Act of 2007 (Pub. L. 110-174).
(i) Iran prohibitions. Section 6(b)(1)(A) of Iran Sanctions Act (50 U.S.C. 1701 note) and section 6(b)(1)(B) of Iran Sanctions Act (50 U.S.C. 1701 note).
Except where an exemption, exception, or waiver applies, the contracting officer should work with the program office or requiring activity to review proposals if needed to ensure they are not proposing delivery of a product or service in violation of the prohibitions in 40.202, such as a FASC-prohibited unmanned aircraft system (drone).
If the offeror submits a disclosure according to 52.240-2, the contracting officer must follow agency procedures to determine if an exception or exemption applies with any prohibition or if a waiver may be applicable in accordance with 40.203-3.
(a) An acquisition may be either fully or partially covered by a waiver or exception. Partial waiver or exception coverage occurs when an applicable waiver or exception covers only portions of the products or services being procured or provided by a source. If the requiring activity notifies the contracting officer that the acquisition is partially covered by an approved exception, individual waiver, or class waiver, then the contracting officer must work with the program office or requiring activity to identify the products or services that are subject to the waiver or exception in the solicitation, request for quotation, or order.
(b) The contracting officer, in accordance with agency procedures, must decide whether to pursue a waiver or exception or to make award to an offeror that does not require a waiver or exception. If a full or partial waiver or exception is being pursued, then the contracting officer may not make an award until written approval is obtained that the waiver or exception has been granted.
If a contractor submits a report according to 52.240-3, the contracting officer must follow agency procedures to determine if an exception or exemption applies with any prohibition, or if a waiver may be applicable in accordance with 40.203-3.
(a) Identifying applicable FASCSA orders. Whether FASCSA orders apply to a particular acquisition depends on the contracting office's agency, the scope of the FASCSA order, the funding, and whether the requirement involves certain types of information systems (see the definition of “FASCSA order” at 40.201).Coordinate with the program office or requiring activity to identify the FASCSA order(s) that apply to the acquisition as follows:
(1) Unless the program office or requiring activity instructs the contracting officer otherwise, FASCSA orders apply as follows:
(i) Contracts awarded by civilian agencies will be subject to DHS FASCSA orders.
(ii) Contracts awarded by DoD will be subject to DoD FASCSA orders. See paragraph (e)(1) of 52.240-3, Security Prohibitions and Exclusions.
(2) For acquisitions where the program office or the requiring activity instructs the contracting officer to select specific types of FASCSA orders, select “yes” or “no” for each applicable type of FASCSA order. See paragraph (e)(1) of 52.240-3, Security Prohibitions and Exclusions, with its Alternate I.
(b) Federal Supply Schedules, Governmentwide acquisition contracts, and multi-agency contracts specific procedures.
(1) Applying FASCSA orders. An agency awarding this type of contract must apply FASCSA orders to the basic contract award. Ordering activity contracting officers may use this contract vehicle without taking further steps to identify applicable FASCSA orders in the order. The contracting officer awarding the basic contract would select “yes” for all FASCSA orders ( i.e., “DHS FASCSA Order” “DoD FASCSA Order” and “DNI FASCSA Order”) (see paragraph (e)(1) of 52.240-3, Security Prohibitions and Exclusions, with its Alternate I). If the contracting officer becomes aware of a newly issued applicable FASCSA order, then the agency awarding the basic contract must modify the basic contract to remove any covered article, or any products or services produced or provided by a source, prohibited by the newly issued FASCSA order.
(2) Interagency acquisitions. For an interagency acquisition (see subpart 17.5) where the funding agency differs from the awarding agency, the funding agency must determine the applicable FASCSA orders.
(c) Updating the solicitation or contract for new FASCSA orders. The contracting officer must update a solicitation or contract if the program office or requiring activity determines it needs to—
(1) Amend the solicitation to include FASCSA orders in effect after the date the solicitation was issued but before contract award; or
(2) Modify the contract to include FASCSA orders issued after the date of contract award.
(i) Any such modification should take place within a reasonable amount of time, but no later than 6 months from the program office or requiring activity's determination.
(ii) If the contract is not modified within the time specified in paragraph (c)(2)(i) of this section, then document the contract file with the reason why the contract could not be modified within this timeframe.
(d) Agency specific procedures. Follow agency procedures for implementing FASCSA orders not identified in SAM.
(e) Exceptions.
(1) An executive agency required to comply with a FASCSA order may submit a request that the order or some of its provisions not apply to—
(i) The agency;
(ii) Specific actions of the agency or a specific class of acquisitions;
(iii) Actions of the agency for a period of time before compliance with the order is practicable; or
(iv) Other activities, as appropriate, that the requesting agency identifies.
(2) The executive agency must submit a written exception request to the official that issued the order, unless other instructions for submission are provided by the applicable FASCSA order.
(3) Provide the following information in the exception request for the issuing official to review and evaluate the request:
(i) Identification of the applicable FASCSA order.
(ii) A description of the exception sought, including, if limited to only a portion of the order, a description of the order provisions from which an exception is sought.
(iii) The name or a description sufficient to identify the covered article or the product or service provided by a source that is subject to the order from which an exception is sought.
(iv) Compelling justification for why an exception should be granted, such as the impact of the order on the agency's ability to fulfill its mission-critical functions, or considerations related to the national interest, including national security reviews, national security investigations, or national security agreements.
(v) Any alternative mitigations to reduce the risks addressed by the FASCSA order.
(vi) Any other information requested by the issuing official.
(a) Agency responsibilities. Agencies must establish procedures to ensure compliance with the requirements in 41 U.S.C. 4713. Covered procurement actions apply to a single covered procurement or a class of covered procurements as determined by the agency carrying out the action.
(b) Identifying covered procurement actions. The contracting officer must identify in the solicitation and contract any source or specified product or service that is subject to covered procurement action identified as applicable by the program office or requiring activity.
(c) Updating the solicitation or contract for new covered procurement actions. The contracting officer must update a solicitation or contract if the program office or requiring activity determines there is a need to—
(1) Amend the solicitation to include a source or specified product or service that is subject to a covered procurement action in effect after the date the solicitation was issued but before contract award; or
(2) Modify the contract to include a source or specified product or service that is subject to a covered procurement action issued after the date of contract award.
(i) Any such modification should take place within a reasonable amount of time, but no later than 6 months from the program office or requiring activity's determination.
(ii) If the contract is not modified within the time specified in paragraph (b)(2)(i) of this section, then document the contract file with the reason why the contract could not be modified within this timeframe.
(d) Agency specific procedures. Follow agency procedures for implementing covered procurement actions for any source or specific product not identified in SAM.
(e) Waivers. The contracting officer must follow agency procedures for reviewing any waiver requests from an offeror or contractor.
(a) Waivers.
(1) The President may waive the certification within the provision at 52.240-2(f) on a case-by-case basis if the President determines and certifies in writing to the appropriate congressional committees that it is in the national interest to do so.
(2) An agency seeking waiver of the requirement must submit the request to the Administrator of the Office of Federal Procurement Policy (OFPP), allowing sufficient time for review and approval. Upon receipt of the waiver request, OFPP must consult with the President's National Security Council and the Department of State to assess foreign policy aspects of making a national interest recommendation.
(3) Agencies may request a waiver on an individual or class basis; however, waivers are not indefinite and can be cancelled if warranted.
(i) Request a waiver only when the class of supplies is not available from any other source, and it is in the national interest.
(ii) Prior to submitting the waiver request, the agency head must review and clear the request.
(iii) All waiver requests must include the following information:
(A) Agency name and point of contact name, telephone number, and email address.
(B) Offeror's name, complete mailing address, and point of contact name, telephone number, and email address.
(C) Description/nature of product or service.
(D) The total price and length of the contract.
(E) Justification, with market research demonstrating that no other offeror can provide the product or service and stating why the product or service must be procured from this offeror, as well as why it is in the national interest for the President to waive the prohibition on contracting with this offeror that conducts restricted business operations in Sudan, including consideration of foreign policy aspects identified in consultation(s) pursuant to paragraph(a)(2)of this section.
(F) Documentation regarding the offeror's past performance and integrity.
(G) Information regarding the offeror's relationship or connection with other firms that conduct prohibited business operations in Sudan.
(H) Any humanitarian efforts engaged in by the offeror, the human rights impact of doing business with the offeror for which the waiver is requested, and the extent of the offeror's business operations in Sudan.
(4) The consultation in paragraph (a)(2) of this section and the information in paragraph (a)(3)(iii) of this section will be considered in determining whether to recommend that the President waive the certification within the provision at 52.240-2(f). In accordance with section 6(c) of the Sudan Accountability and Divestment Act of 2007, OFPP will semiannually submit a report to Congress, on April 15th and October 15th, on the waivers granted.
(b) Remedies. Upon the determination of a false certification within the provision at 52.240-2(f)—
(1) The contracting officer may terminate the contract;
(2) The suspending and debarring official (SDO) may suspend the contractor in accordance with the procedures in part 9; and
(3) The SDO may debar the contractor for a period not to exceed 3 years in accordance with the procedures in part 9.
(a) Waivers.
(1) An agency seeking a waiver of the representation and certifications in the provision at 52.240-2(g) or the prohibition in the clause at 52.240-3(d)(4), consistent with section 6(b)(5) of the Iran Sanctions Act or 22 U.S.C. 8551(b), respectively, and the Presidential Memorandum of September 23, 2010 (75 FR 67025), must submit the request to OFPP, allowing sufficient time for review and approval.
(2) Agencies may request a waiver on an individual or class basis; however, waivers are not indefinite and can be cancelled, if warranted.
(i) Request a class waiver only when the class of supplies or equipment is not available from any other source and it is in the national interest.
(ii) Prior to submitting the waiver request, the agency head must review and clear the request.
(3) In general, all waiver requests should include the following information:
(i) Agency name and point of contact name, telephone number, and email address.
(ii) Offeror's name, complete mailing address, and point of contact name, telephone number, and email address.
(iii) Description/nature of product or service.
(iv) The total price and length of the contract.
(v) Justification, with market research demonstrating that no other offeror can provide the product or service and stating why the product or service must be procured from this offeror.
(A) If the offeror exports sensitive technology to the government of Iran or any entities or individuals owned or controlled by, or acting on behalf or at the direction of, the government of Iran, provide rationale why it is in the national interest for the President to waive the prohibition on contracting with this offeror, as required by 22 U.S.C. 8551(b).
(B) If the offeror conducts activities for which sanctions may be imposed under section 5 of the Iran Sanctions Act or engages in any transaction that exceeds the certification transaction threshold within the provision at 52.240-2(g)(1)(iii) with Iran's Revolutionary Guard Corps or any of its officials, agents, or affiliates, the property and interests in property of which are blocked pursuant to the International Emergency Economic Powers Act, provide rationale why it is essential to the national security interests of the United States for the President to waive the prohibition on contracting with this offeror, as required by section 6(b)(5) of the Iran Sanctions Act.
(vi) Documentation regarding the offeror's past performance and integrity.
(vii) Information regarding the offeror's relationship or connection with other firms that—
(A) Export sensitive technology to the government of Iran or any entities or individuals owned or controlled by, or acting on behalf or at the direction of, the government of Iran;
(B) Conduct activities for which sanctions may be imposed under section 5 of the Iran Sanctions Act; or
(C) Conduct any transaction that exceeds the certification transaction threshold within the provision at 52.240-2(g)(1)(iii) with Iran's Revolutionary Guard Corps or any of its officials, agents, or affiliates, the property and interests in property of which are blocked pursuant to the International Emergency Economic Powers Act.
(viii) Describe—
(A) The sensitive technology and the entity or individual to which it was exported ( i.e., the government of Iran or an entity or individual owned or controlled by, or acting on behalf or at the direction of, the government of Iran);
(B) The activities in which the offeror is engaged for which sanctions may be imposed under section 5 of the Iran Sanctions Act; or
(C) The transactions that exceed the certification transaction threshold within the provision at 52.240-2(g)(1)(iii) with Iran's Revolutionary Guard Corps or any of its officials, agents, or affiliates, the property and interests in property of which are blocked pursuant to the International Emergency Economic Powers Act.
(b) Remedies. Upon the determination of a false certification within the provision at 52.240-2(g)(1)(ii) or at 52.240-2(g)(1)(iii), the agency must take one or more of the following actions:
(1) The contracting officer terminates the contract in accordance with procedures in part 49, or for commercial products and commercial services, see part 12.
(2) The SDO suspends the contractor in accordance with the procedures in part 9.
(3) The SDO debars the contractor for a period of at least two years in accordance with the procedures in part 9.
(a) Insert the provision at 52.240-2, Security Prohibitions and Exclusions—Representations and Certifications, in all solicitations including those for commercial products or commercial services.
(b)(1) Except as prescribed in paragraph (b)(2), insert the clause at 52.240-3, Security Prohibitions and Exclusions, in all solicitations and contracts including those for commercial products or commercial services.
(2) Insert the clause with its Alternate I including for acquisitions of commercial products or commercial services in—
(i) Federal Supply Schedules, Governmentwide acquisition contracts, and multi-agency contracts; and
(ii) Where the program office or the requiring activity instructs the contracting officer to select specific types of FASCSA orders.
Subpart 40.3—Safeguarding Information
(a) This subpart provides policies and procedures for safeguarding classified information, controlled unclassified information (CUI), and covered Federal information.
(b) Part 27, Patents, Data, and Copyrights, contains policy and procedures for safeguarding classified information in patent applications and patents.
As used in this subpart—
Covered contractor information system means an information system that is owned, or operated by or for, a contractor and that processes, stores, or transmits covered Federal information.
Covered Federal information means information provided by or created for the Government, when that information is other than—
(1) Simple transactional information (such as that necessary to process payments);
(2) Information already publicly released (such as on public websites), or marked for public release, by the Government;
(3) Federally-funded basic and applied research at colleges, universities, and laboratories in accordance with National Security Decision Directive 189;
(4) CUI; or
(5) Classified information.
Handle or handling means any use of information, including but not limited to accessing, processing, collecting, developing, receiving, transmitting, storing, marking, safeguarding, transporting, disseminating, reusing, and disposing of the information.
Information system means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information (44 U.S.C. 3502).
This section provides policies and procedures to implement the National Industrial Security Program according to Executive Order 12829, January 6, 1993 (58 FR 3479, January 8, 1993), titled “National Industrial Security Program” (NISP). Executive Order 12829 amends Executive Order 10865, February 20, 1960 (25 FR 1583, February 25, 1960), entitled “Safeguarding Classified Information Within Industry,” as amended by Executive Order 10909, January 17, 1961 (26 FR 508, January 20, 1961). This program safeguards Federal Government classified information. The following publications implement the program:
(a) National Industrial Security Program Operating Manual (NISPOM) (32 CFR part 117).
(b) DoD Manual 5220.32 Volume 1, National Industrial Security Program: Industrial Security Procedures for Government Activities.
(a) Review all proposed solicitations to determine whether offerors or contractors may handle classified information.
(b) Nondefense agencies that have industrial security services agreements with DoD and DoD components must use the Contract Security Classification Specification, DD Form 254. The contracting officer or authorized agency representative is the approving official for the DD Form 254 associated with the prime contract and must ensure the DD Form 254 is properly prepared, distributed by and coordinated with requirements and security personnel, according to agency procedures.
(a) Insert the clause at 52.240-4, Classified Information, in solicitations and contracts when the contract may handle classified information, including those for commercial products or commercial services unless the conditions specified in paragraph (d) of this section apply.
(b) If a cost contract for research and development with an educational institution is considered, use the clause with its Alternate I.
(c) If a construction or architect-engineer contract, including construction that is a commercial service where employee identification is required for security reasons use the clause with its Alternate II.
(d) If the contracting agency is not covered by the NISP and has prescribed a clause and alternates that are substantially the same as those at 52.240-4, the contracting officer must use the agency-prescribed clause as required by agency procedures.
This section applies to all acquisitions, including acquisitions of commercial products or commercial services when a contractor may handle covered Federal information or a contractor's information system may contain covered Federal information.
Insert the clause at 52.240-5, Covered Federal Information, in solicitations and contracts including those for commercial products and commercial services when the contractor or a subcontractor at any tier may handle covered Federal information.
As used in this section—
Authorized holder is an individual, agency, organization ( e.g., contractor), or group of users that is permitted to handle CUI, in accordance with this part.
CUI Basic means the subset of CUI for which the authorizing law, regulation, or Governmentwide policy does not set out specific handling or dissemination controls. CUI Basic must be handled according to the uniform set of controls set forth in 32 CFR part 2002 and the CUI Registry.
CUI Categories means those types of information for which laws, regulations, or Governmentwide policies require or permit agencies to exercise safeguarding or dissemination controls, and which has been listed in the CUI Registry.
CUI incident means unauthorized disclosure, improper modification, improper destruction of CUI, in any form or medium, or unauthorized access to the information system on which the CUI resides. Improper handling of CUI ( e.g., unmarked or mismarked CUI) is not a CUI incident unless the improper handling has resulted in an unauthorized disclosure, improper modification, or improper destruction of CUI.
CUI Registry means the online repository for all information, guidance, policy, and requirements on handling CUI. Among other information, the CUI Registry identifies all approved CUI categories and subcategories, provides general descriptions for each, identifies the basis for controls, establishes markings, and includes guidance on handling procedures (see https://www.archives.gov/cui ).
CUI Specified means the subset of CUI for which the authorizing law, regulation, or Governmentwide policy contains specific handling controls that it requires or permits agencies to use and that differ from those for CUI Basic. The CUI Registry indicates which laws, regulations, and Governmentwide policies include such specific requirements.
Lawful Government purpose means any activity, mission, function, operation, or endeavor that the Government authorizes or recognizes as within the scope of its legal authorities or the legal authorities of non-executive branch entities such as State and local law enforcement.
Limited dissemination control means any control identified on the CUI Registry that agencies may use to limit or specify CUI dissemination.
On behalf of an agency means a contractor uses or operates an information system or maintains or collects information for the purpose of processing, storing, or transmitting Federal information, and those activities are not incidental to providing a service or product to the Government.
Unauthorized disclosure means when an authorized holder of CUI intentionally or unintentionally discloses, accesses, or observes CUI without a lawful Government purpose, in violation of restrictions imposed by safeguarding or dissemination controls, or contrary to limited dissemination controls.
(a) Executive Order 13556 of November 4, 2010, entitled “Controlled Unclassified Information.”
(b) 32 CFR part 2002, Controlled Classified Information (CUI).
(a) The requirements for handling CUI in this section apply when an offeror or contractor is expected to handle CUI, including instances when CUI resides on or transits through contractor information systems or within contractor facilities.
(b) The CUI requirements in the clause at 52.240-7, Controlled Unclassified Information, and SF XXX only apply when CUI will be involved in the contract. Offerors and contractors whose performance does not involve CUI will not be required to receive a Standard Form XXX and will not be subject to the requirements of FAR 52.240-6 or 52.240-7.
(a) The requiring activity will identify any CUI in the SF XXX, Controlled Unclassified Information (CUI) Requirements, which must be incorporated in the contract. Contractors are required to safeguard only the CUI that is identified in the SF XXX. However, see 52.240-7(c).
(b) Applicable CUI requirements can be waived by the Government in accordance with 32 CFR 2002.38.
(a) For each requirement, except those exclusively for the acquisition of commercially available off-the-shelf items, the contracting officer must obtain from the requiring activity an SF XXX that—
(1) Identifies what CUI is involved in the contract; and
(2) Specifies if and how the contractor is to identify and mark CUI involved in the contract ( e.g., when the contractor is generating or developing the CUI, or when the purpose of the contract is to mark CUI).
(b)(1) If the contracting officer has a reason to question the information on the SF XXX, the contracting officer must request that the requiring activity verify that the SF XXX is accurate.
(2) If the requiring activity has marked the “Yes” box in Part A of SF XXX, the contracting officer must incorporate the SF in the solicitation and contract and the clause at 52.240-7, as prescribed at 40.304-6, to communicate requirements for handling CUI during contract performance.
(3) If the requiring activity has marked the “No” box in Part A of SF XXX, the contracting officer must include in the contract file a copy of the SF XXX.
(c) If the requiring activity states that there should be controlled access to the contents of the SF XXX or the SF XXX is marked as CUI itself, contracting officers must follow agency procedures for handling the SF XXX.
(d) If the contracting officer is notified or otherwise discovers that there is, or potentially could be CUI involved in the contract and it was not properly identified on an SF XXX, the contracting officer must coordinate with the requiring activity to determine if the information is CUI. If the agency determines that the information is CUI, then the agency must take the following steps:
(1) If the agency wants the contractor to handle this kind of CUI during performance of the contract, the contracting officer must—
(i) Coordinate with the requiring activity to have the SF XXX updated and CUI marked;
(ii) Modify the contract to incorporate the new SF XXX and, if CUI was not previously anticipated under the contract, to incorporate the clause at 52.240-7; and
(iii) Consider any request for equitable adjustment submitted by the contractor, as appropriate.
(2) If the agency does not want the contractor to handle this kind of CUI, the contracting officer must coordinate with the requiring activity to address the CUI ( e.g., retrieve the CUI) and must convey such instructions to the contractor.
(e) Refer to 3.104-4 for procedures related to the disclosure, protection, and marking of contractor proprietary business information, contractor bid or proposal information, and source selection information submitted to the Government.
(f)(1) Follow agency procedures when providing any CUI to an offeror to ensure offeror compliance with the requirements in 32 CFR part 2002.
(2) Follow any applicable agency procedures for validating contractor compliance with the requirements of the clause at 52.240-7.
(g) If the contracting officer is provided a disclosure in accordance with 52.240-6(d), the contracting officer must follow agency procedures to determine if a waiver may be granted.
(a) Agencies must protect against the improper use or release of information that includes contractor proprietary business information or contractor-attributional information to the extent required by law.
(b) Upon notification of a CUI incident at a non-Federally-controlled facility, the contracting officer must notify the requiring activity of the CUI incident as soon as practicable and in accordance with agency procedures. If the CUI incident occurs on an order against an indefinite delivery contract, the ordering agency contracting officer must notify the contracting officer for the indefinite delivery contract.
(c) When the contractor is required to provide information system images preserved under the requirements of paragraph (g)(4) of the clause at 52.240-7, in accordance with agency procedures, the contracting officer must provide instructions to the contractor for submitting the system images. The contractor is required to hold the system images for 90 days unless the Government declines interest.
(d)(1) The contracting officer must not interpret a contractor's report of a CUI incident to mean that the contractor or a subcontractor at any tier failed to provide adequate safeguards for CUI or otherwise failed to meet the requirements of the clause at 52.240-7, without an investigation resulting in determinations and findings by the agency.
(2) When a CUI incident is reported, the contracting officer must consult with appropriate agency personnel ( e.g., program office or requiring activity) before taking any action under the contract related to the CUI incident. When the contract includes the clause at 52.240-7, the contracting officer must consider such CUI incidents in the context of an overall assessment of the contractor's compliance with the requirements of the clause at 52.240-7.
(3) The contracting officer must consult with the appropriate agency personnel concerning any unmarked or mismarked CUI in accordance with agency procedures if they are notified by the contractor—
(i) There is potential unmarked or mismarked CUI; or
(ii) The contractor is not able to comply with one of the requirements in the clause at 52.240-7 due to conflict with another law or regulation.
(a) Insert the provision at 52.240-6, Notice of Controlled Unclassified Information Requirements, in solicitations that contain the clause at 52.240-7.
(b) Except for solicitations and contracts solely for the acquisition of commercially available off-the-shelf items, insert the clause at 52.240-7, Controlled Unclassified Information, and include an SF XXX Controlled Unclassified Information (CUI) Requirements, in solicitations and contracts if the requiring activity has marked the “Yes” box in Part A of the SF XXX.
Note: The following form, Controlled Unclassified Information (CUI), will not be published in the CFR.
BILLING CODE 6820-EP-P






BILLING CODE 6820-EP-C
PART 52—SOLICITATION PROVISIONS AND CONTRACT CLAUSES
2. The authority citation for 48 CFR part 52 continues to read as follows:
Authority:
41 U.S.C. 1121(b); 40 U.S.C. 121(c); 10 U.S.C. chapter 4 and 10 U.S.C. chapter 137 legacy provisions (see 10 U.S.C. 3016); and 51 U.S.C. 20113.
3. Remove and reserve section 52.000.
4. Revise subpart 52.1 to read as follows:
Subpart 52.1—Instructions for Using Provisions and Clauses Sec. 52.100 Scope of subpart. 52.101 Using Part 52. 52.102 [Reserved] 52.103 Identification of provisions and clauses. 52.104 Procedures for modifying and completing provisions and clauses. 52.105 Procedures for using alternates. 52.106 [Reserved] 52.107 Provisions and clauses prescribed in subpart 52.1.
This subpart—
(a) Explains how to use part 52, including provision and clause numbers, prescriptions, and the Smart Matrix; and
(b) Describes procedures for incorporating, identifying, and modifying provisions and clauses in solicitations and contracts, and for using alternates.
(a) Prescriptions. Each provision or clause in subpart 52.X is prescribed in corresponding FAR text where the topic is addressed. The prescription includes all conditions, requirements, and instructions for using the provision or clause and its alternates, if any.
(b) Smart Matrix. Find the provision and clause selection tool at https://www.acquisition.gov/smart-matrix.
(c) Dates. All provisions, clauses, and alternates must be dated to avoid ambiguity, e.g., (Feb. 2026).
(a) Standard identification. Provisions and clauses used without deviation, must be identified by number, title, and date. Deviations should themselves also have a date. Add “(DEVIATION (DATE))” after the provision or clause date, when using an authorized deviation.
(b) Agency supplements. Provisions or clauses that supplement the FAR must also be clearly identified by number, title, date, and name of the regulation. Deviations should themselves also have a date. Add “(DEVIATION (DATE))” after the provision or clause date, when using an authorized deviation.
(c) Local/sub-agency level supplements. Use number, title, date, and the name of the agency or suborganization within the agency that developed it.
Only make authorized changes. Do not modify provisions and clauses unless the FAR specifically authorizes or requires the modification. For example—
(a) “The contracting officer may use a period shorter than 60 days (but not less than 30 days) in paragraph (x) of the clause”; or
(b) “The contracting officer may substitute the words `task order' for the word `Schedule' wherever that word appears in the clause.” or
(c) “The patent number is __ [ Contracting Officer fill in ], and the royalty rate is __ [ Contracting Officer fill in ].”
(a) The FAR provides different versions of provisions and clauses called “alternates” when needed for different situations. They are titled “Alternate I,” “Alternate II,” etc.
(b) When an alternate is used, its date must be cited along with the date of the basic provision or clause, e.g., 52.209-3 First Article Approval-Contractor Testing (Oct 1983)-Alternate I (Dec 1983).
(c) Under certain circumstances, a provision or clause may be used with two or more alternates. In these circumstances, each of the applicable alternates must be cited, e.g., 52.209-3 First Article Approval-Contractor Testing (Oct 1983)-Alternate I (Dec 1983) and Alternate II (Feb 1984). Never use an alternate to a specific provision or clause with a different provision or clause.
(a) Insert the provision at 52.252-3, Alterations in Solicitation, in solicitations, including those for commercial products and commercial services, in order to revise or supplement, as necessary, other parts of the solicitation that apply to the solicitation phase only, except for any provision authorized for use with a deviation. Include clear identification of what is being altered.
(b) Insert the clause at 52.252-4, Alterations in Contract, in solicitations and contracts, including those for commercial products and commercial services, in order to revise or supplement, as necessary, other parts of the contract, or parts of the solicitations that apply to the contract phase, except for any clause authorized for use with a deviation. Include clear identification of what is being altered.
(c) Insert the provision at 52.252-5, Authorized Deviations in Provisions, in solicitations, including those for commercial products and commercial services, that include any FAR or supplemental provision with an authorized deviation.
(d) Insert the clause at 52.252-6, Authorized Deviations in Clauses, in solicitations and contracts, including those for commercial products and commercial services, that include any FAR or supplemental clause with an authorized deviation.
5. Revise section 52.200 to read as follows:
This subpart sets forth the text of all FAR provisions and clauses and gives a cross-reference to the location in the FAR that prescribes the provision or clause.
6. Remove and reserve section 52.201-1.
7. Add section 52.201-2 to read as follows:
As prescribed in 1.605, insert the following clause:
(a) Any data required to be submitted on a Standard or Optional Form may be submitted on a computer generated version of the form, provided there is no change to the name, content, or sequence of the data elements on the form, and provided the form carries the Standard or Optional Form number and edition date.
(b) Unless prohibited by agency regulations, any data required to be submitted on an agency unique form prescribed by an agency supplement to the FAR may be submitted on a computer generated version of the form provided there is no change to the name, content, or sequence of the data elements on the form and provided the form carries the agency form number and edition date.
(c) If the Contractor submits a computer generated version of a form that is different from the required form, then the rights and obligations of the parties will be determined based on the content of the required form.
(End of clause)
8. Revise section 52.202-1 to read as follows:
As prescribed in 2.201, insert the following clause:
Definitions (DATE)
When a solicitation provision or contract clause uses a word or term that is defined in the Federal Acquisition Regulation (FAR), the word or term has the same meaning as the definition in FAR 2.101 in effect at the time the solicitation was issued, unless—
(a) The solicitation, or amended solicitation, provides a different definition;
(b) The contracting parties agree to a different definition;
(c) The part, subpart, or section of the FAR where the provision or clause is prescribed provides a different meaning;
(d) The word or term is defined in FAR part 31, for use in the cost principles and procedures; or
(e) The word or term defines an acquisition-related threshold, and if the threshold is adjusted for inflation as set forth in FAR 1.108, then the changed threshold applies throughout the remaining term of the contract, unless there is a subsequent threshold adjustment; see FAR 1.108.
(End of clause)
9. Remove and reserve sections 52.204-1 through 52.204-4.
10. Revise section 52.204-5 to read as follows:
As prescribed in 4.208(a), insert the following provision:
(a) Definition. Women-owned business concern, as used in this provision, means a concern that is at least 51 percent owned by one or more women; or in the case of any publicly owned business, at least 51 percent of its stock is owned by one or more women; and whose management and daily business operations are controlled by one or more women.
(b) Representation. [Complete only if the offeror is a women-owned business concern and has not represented itself as a small business concern in paragraph (c)(1) of FAR 52.219-1, Small Business Program Representations, of this solicitation.] The offeror represents that it ☐ is a women-owned business concern.
(End of provision)
11. Remove and reserve section 52.204-6.
12. Revise section 52.204-7 to read as follows:
As prescribed in 4.208(b)(1), insert the following provision:
The Offeror must have an active Federal Government contracts registration in the System for Award Management (SAM) when submitting an offer or quotation in response to this solicitation and at the time of award. As part of the SAM registration process, the Government collects information, as described in paragraphs (b) through (d) of this provision, that is necessary to identify the Offeror and for the Offeror to be awarded Federal Government contracts. To register in SAM, go to https://www.sam.gov. Allow for processing time when registering in SAM. If the Offeror is not registered in SAM, it should register immediately after receiving this solicitation.
(a) Definitions. As used in this provision—
Commercial and Government Entity (CAGE) code has the meaning provided in the clause at the Federal Acquisition Regulation (FAR) 52.204-13, System for Award Management—Maintenance, of this solicitation.
Electronic Funds Transfer (EFT) indicator means a bank account identifier to establish additional System for Award Management records for identifying alternative EFT accounts (see FAR part 32) for the same entity.
Highest-level owner means the entity that owns or controls an immediate owner of the offeror, or that owns or controls one or more entities that control an immediate owner of the offeror. No entity owns or exercises control of the highest-level owner.
Immediate owner means an entity, other than the offeror, that has direct control of the offeror. Indicators of control include, but are not limited to, one or more of the following: ownership or interlocking management, identity of interests among family members, shared facilities and equipment, and the common use of employees. There may be more than one immediate owner ( e.g., joint ventures).
Predecessor means an entity whose assets were acquired by the offeror or another entity (most often through merger or acquisition) and whose affairs are now carried out by the offeror or the other entity under a new name.
Taxpayer identification number means the number required by the Internal Revenue Service (IRS) to be used by the offeror to report income tax and other returns. It may be either a Social Security Number or an Employer Identification Number.
Unique entity identifier (UEI) has the meaning provided in the clause at FAR 52.204-13, System for Award Management—Maintenance, of this solicitation.
(b) Identifiers. The Offeror must obtain and provide the following identifying information:
(1) Unique entity identifier (UEI).
(i) The Offeror must obtain a UEI to register in SAM. The Government will independently validate the existence and uniqueness of the Offeror before assigning a UEI to the Offeror. Go to https://www.sam.gov for instructions on obtaining a UEI.
(ii) The Offeror must enter, in the block with its name and address on the cover page of its offer, the annotation “Unique Entity Identifier” followed by the UEI that identifies the Offeror's name and address exactly as stated in the offer. The Offeror must also enter its EFT indicator, if applicable.
(iii) The Contracting Officer will use the UEI to verify that the Offeror has an active Federal Government contracts registration in SAM.
(2) Taxpayer identification number (TIN). The Offeror must provide its TIN or related information to comply with debt collection requirements of 31 U.S.C. 7701(c) and 3325(d); reporting requirements of 26 U.S.C. 6041, 6041A, and 6050M; and implementing regulations issued by the IRS. The Offeror must consent for TIN validation; and
(3) Commercial and Government Entity (CAGE) code.
(i) The Offeror must provide a CAGE code and legal business name (Do not use a “doing business as” name) for—
(A) Itself;
(B) Its immediate owner(s), if any;
(C) Its highest-level owner, if any; and
(D) Any predecessor(s), or predecessor of an Offeror's predecessor, that held a Federal contract or grant within the last three years.
(ii) If the Offeror is in the United States or its outlying areas and does not already have a CAGE code assigned, the DLA CAGE Branch will assign a CAGE code to the Offeror as a part of the SAM registration process. For information on obtaining a CAGE code go to https://cage.dla.mil/.
(iii) The Offeror must get from any immediate and/or highest-level owner(s) their respective CAGE code(s) to provide the code(s) as part of the registration (FAR 52.204-7(b)(3)(i)).
(iv) If the Offeror is located outside of the United States or its outlying areas, and does not already have a CAGE code assigned, the Offeror may obtain a CAGE code as indicated in the following table.
| If the Offeror is . . . | Then . . . |
|---|---|
| Located in a country that is a member of the North Atlantic Treaty Organization (NATO) or a sponsored nation | Contact the appropriate National Codification Bureau ( https://www.nato.int/structur/ac/135/about/contacts ). |
| Located in a country that is not a member of NATO or a sponsored nation | Contact the NATO Support and Procurement Agency (NSPA) ( https://eportal.nspa.nato.int/AC135Public/scage/CageList.aspx ). |
(c) Representations and certifications.
(1) The following FAR solicitation provisions contain entity-level representations and certifications that the Offeror must submit as part of their Federal Government contracts registration in SAM:
| Provision | Title | Date |
|---|---|---|
| 52.204-5 | Women-Owned Business (Other Than Small Business) | DATE. |
| 52.209-2 | Prohibition on Contracting with Inverted Domestic Corporations—Representation | DATE. |
| 52.209-5 | Certification Regarding Responsibility Matters | DATE. |
| 52.209-11 | Representation by Corporations Regarding Delinquent Tax Liability or a Felony Conviction under any Federal Law | DATE. |
| 52.219-1 | Small Business Program Representations | DATE. |
| 52.219-1 Alt I | Small Business Program Representations, with its Alternate I | DATE. |
| 52.219-1 Alt II | Small Business Program Representations, with its Alternate II | DATE. |
| 52.226-2 | Historically Black College or University and Minority Institution Representation | DATE. |
(2) By submitting its offer, the Offeror verifies that, as of the date of its offer, its representations and certifications posted electronically in SAM for the provisions listed in paragraph (c)(1) of this provision are current, accurate, and complete. The Offeror's representations and certifications in SAM are hereby incorporated by reference into its offer.
(d) Other information. The Offeror must provide more information on its business operations and type that is necessary to be considered for award of certain contracts and financial information necessary to receive payment under contracts.
(End of provision)
Alternate I (DATE). As prescribed in 4.208(b)(1), replace the first sentence of the introductory paragraph of the basic provision with the following sentences:
The Offeror must have an active Federal Government contracts registration in the System for Award Management (SAM) as soon as possible. If registration is not possible when submitting an offer or quotation, the awardee must be registered in SAM according to the requirements of the Alternate I of clause at FAR 52.204-13, System for Award Management-Maintenance.
13. Remove and reserve section 52.204-8.
14. Revise sections 52.204-9 and 52.204-10 to read as follows:
As prescribed in 4.208(d), insert the following clause:
(a) Policy. The Contractor must comply with agency personal identity verification procedures identified in the contract that implement Homeland Security Presidential Directive-12 (HSPD-12), Office of Management and Budget guidance M-05-24, and Federal Information Processing Standards Publication (FIPS PUB) Number 201.
(b) Returning identification to the Government. The Contractor must account for all forms of Government-provided identification issued to the Contractor employees in connection with performance under this contract. The Contractor must return such identification to the issuing agency at the earliest of any of the following, unless otherwise determined by the Government:
(1) When no longer needed for contract performance.
(2) Upon completion of the Contractor employee's employment.
(3) Upon contract completion or termination.
(c) Remedy for noncompliance. The Contracting Officer may delay final payment under a contract if the Contractor fails to comply with these requirements.
(d) Subcontracts. The Contractor must insert the substance of this clause, including this paragraph (d), in subcontracts, including those for commercial products (other than commercially available off-the-shelf items) or commercial services, when the subcontractor's employees are required to have routine physical access to a Federally-controlled facility and/or routine access to a Federal information system. The prime Contractor must return its subcontractors' identifications to the issuing agency in accordance to the terms in paragraph (b) of this clause, unless otherwise approved in writing by the Contracting Officer.
(End of clause)
As prescribed in 4.208(e), insert the following clause:
(a) Definitions. As used in this clause:
Executive means officers, managing partners, or any other employees in management positions.
First-tier subcontract means a subcontract awarded directly by the Contractor to acquire supplies or services (including construction), other than those for commercial products or commercial services, for performing a prime contract. It does not include the Contractor's supplier agreements with vendors, such as long-term arrangements for materials or supplies that benefit multiple contracts and/or the costs of which are normally applied to a contractor's general and administrative expenses or indirect costs.
Month of award means the month in which the Contracting Officer signs a contract or the month in which the Contractor signs a first-tier subcontract.
Total compensation means the cash and noncash dollar value earned by the executive during the Contractor's preceding fiscal year and includes the information described at 17 CFR 229.402(c)(2).
(b) Requirement. Section 2(d)(2) of the Federal Funding Accountability and Transparency Act of 2006 (Pub. L. 109-282), as amended by section 6202 of the Government Funding Transparency Act of 2008 (Pub. L. 110-252), requires the Contractor to report information on subcontract awards. The law requires all reported information be made public; therefore, the Contractor is responsible for notifying its subcontractors that the required information will be made public. Nothing in this clause requires disclosing classified information.
(c) Reporting. Unless otherwise directed by the Contracting Officer, or as provided in paragraph (f) of this clause, the Contractor must report the following in the System for Award Management at https://www.sam.gov as follows:
(1) Executive compensation of the prime contractor. The Contractor must report the names and total compensation of each of the five most highly compensated executives for its preceding completed fiscal year, if—
(i) In the Contractor's preceding fiscal year, the Contractor received—
(A) 80 percent or more of its annual gross revenues from Federal contracts (and subcontracts); loans, grants (and subgrants); cooperative agreements; and other forms of Federal financial assistance; and
(B) $25,000,000 or more in annual gross revenues from Federal contracts (and subcontracts); loans, grants (and subgrants); cooperative agreements; and other forms of Federal financial assistance; and
(ii) The public does not have access to information about the compensation of the executives through periodic reports filed under section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m(a), 78o(d)) or section 6104 of the Internal Revenue Code of 1986. (To determine if the public has access to the compensation information, see the U.S. Security and Exchange Commission total compensation filings at http://www.sec.gov/answers/execomp.htm. ).
(2) First-tier subcontract information. The Contractor must report the following information by the end of the month following the month of award of each first-tier subcontract award:
(i) Unique entity identifier for the subcontractor receiving the award and for the subcontractor's ultimate parent company, if the subcontractor has a parent company.
(ii) Name of the subcontractor.
(iii) Amount of the subcontract award.
(iv) Date of the subcontract award.
(v) A description of the products or services (including construction) being provided under the subcontract, including the overall purpose and expected outcomes or results of the subcontract.
(vi) The subcontract number assigned by the Prime Contractor.
(vii) Subcontractor's physical address.
(viii) Subcontractor's primary performance location.
(ix) The prime contract number, and order number if applicable.
(x) Awarding agency name and code.
(xi) Funding agency name and code.
(xii) Government contracting office code.
(xiii) The applicable North American Industry Classification System code.
(3) Executive compensation of the first-tier subcontractor. The Contractor must report by the end of the month following the month of award of a first-tier subcontract award and annually thereafter (calculated from the prime contract award date) the names and total compensation of each of the five most highly compensated executives for that subcontractor in the subcontractor's preceding completed fiscal year, if—
(i) In the subcontractor's preceding fiscal year, the subcontractor received—
(A) 80 percent or more of its annual gross revenues from Federal contracts (and subcontracts); loans, grants (and subgrants); cooperative agreements; and other forms of Federal financial assistance; and
(B) $25,000,000 or more in annual gross revenues from Federal contracts (and subcontracts); loans, grants (and subgrants); cooperative agreements; and other forms of Federal financial assistance; and
(ii) The public does not have access to information about the compensation of the executives through periodic reports filed under section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m(a), 78o(d)) or section 6104 of the Internal Revenue Code of 1986 (see http://www.sec.gov/answers/execomp.htm ).
(d) Restriction. The Contractor must not split or break down subcontracts to a value below the threshold at the Federal Acquisition Regulation 4.208(e), on the date of subcontract award, to avoid the reporting requirements in paragraph (c) of this clause.
(e) Duration. Continued reporting on first-tier subcontracts is not required unless one of the reported data elements changes during the performance of the subcontract. The Contractor is not required to make further reports after a first-tier subcontract expires.
(f) Exceptions.
(1) If the Contractor in the previous tax year had gross income from all sources under $300,000, the Contractor is exempt from the requirement to report subcontractor awards.
(2) If a subcontractor in the previous tax year had gross income from all sources under $300,000, the Contractor does not need to report awards for that subcontractor.
(g) Prepopulated data. The SAM Subaward Reporting will prepopulate with some information from the SAM Contract Awards Management. If the SAM Contract Awards Management information is incorrect, the Contractor should notify the Contracting Officer. If the SAM information is incorrect, the Contractor is responsible for correcting this information.
(End of clause)
15. Remove and reserve section 52.204-12.
16. Revise sections 52.204-13 through 52.204-15 to read as follows:
As prescribed in 4.208(b)(2), use the following clause:
(a) Definitions. As used in this clause—
Commercial and Government Entity code means—
(1) An identifier assigned to entities located in the United States or its outlying areas by the Defense Logistics Agency (DLA) Commercial and Government Entity (CAGE) Branch to identify a commercial or government entity by unique location (referred to as “CAGE code”); or
(2) An identifier assigned by a member of the North Atlantic Treaty Organization (NATO) or by the NATO Support and Procurement Agency to entities located outside the United States and its outlying areas that the DLA CAGE Branch records and maintains in the CAGE master file (referred to as “NCAGE code”).
Unique Entity Identifier (UEI) means an identifier used to identify a specific commercial, nonprofit, or Government entity.
(b) Active registration.
(1) The Contractor must maintain an active Federal Government contracts registration in the System for Award Management (SAM) at https://www.sam.gov during contract performance and through final payment under this contract. To maintain an active registration in SAM, the Contractor must review at least annually its registration in SAM and validate that the information is current, accurate, and complete.
(2) The Contractor is responsible for the currency, accuracy, and completeness of the information provided within SAM, and for any liability resulting from the Government's reliance on inaccurate or incomplete information. Updating SAM does not alter the terms and conditions of this contract and is not a substitute for a properly executed contractual document.
(c) Novation and change-of-name agreements.
(1) If the Contractor has legally changed its business name or “doing business as” name (whichever is shown on the contract), or has transferred the assets used to perform the contract, but has not completed the necessary requirements regarding novation and change-of-name agreements in part 42 of the Federal Acquisition Regulation (FAR), the Contractor must provide the responsible Contracting Officer a minimum of one business day's written notification of its intention to —
(i) Change the legal business name in SAM;
(ii) Comply with the requirements of FAR part 42; and
(iii) Agree in writing to the timeline and procedures specified by the responsible Contracting Officer. The Contractor must provide with its written notification sufficient documentation to support the legally changed name.
(2) If the Contractor fails to comply with the requirements of paragraph (c)(1) of this clause, or fails to perform the agreement at paragraph (c)(1)(iii) of this clause, and, in the absence of a properly executed novation or change-of-name agreement, the SAM information that shows the Contractor to be other than the Contractor indicated in the contract will be considered to be incorrect information within the meaning of the “Suspension of Payment” paragraph of the electronic funds transfer (EFT) clause of this contract.
(d) Assignees.
(1) The Contractor must not change the legal business name or address for EFT payments or manual payments, as appropriate, in the SAM record to reflect an assignee for the purpose of assignment of claims (see FAR part 32). Assignees must be separately registered in SAM.
(2) Information provided to the Contractor's SAM record that indicates payments, including those made by EFT, to an ultimate recipient other than that Contractor will be incorrect information within the meaning of the “Suspension of Payment” paragraph of the EFT clause of this contract.
(e) Unique entity identifier (UEI). The Contractor must ensure that its UEI is maintained throughout the life of the contract.
(f) Commercial and Government Entity (CAGE) code. The Contractor must ensure that the CAGE code is maintained throughout the life of the contract. To update a CAGE code, the Contractor must initiate the change by updating its SAM registration.
(g) Communicating changes. The Contractor must communicate any change to its UEI or CAGE code to the Contracting Officer within 30 days after the change, so a modification can be issued to update the UEI or CAGE code on this contract. A change in the UEI does not necessarily require a novation.
(End of clause)
Alternate I (DATE). As prescribed in 4.208(b)(2), replace paragraph (b) of the basic clause with the following paragraph (b):
(b) Active registration.
(1) If the Contractor was unable to register for Federal Government contracts in the System for Award Management (SAM) at https://www.sam.gov before award, the Contractor must register in SAM within 30 days after contract award or at least three days before submitting the first invoice, whichever occurs first.
(2) The Contractor must maintain an active Federal Government contracts registration in SAM during contract performance and through final payment under this contract. To maintain an active registration in SAM, the Contractor must review at least annually its registration in SAM and validate that the information is current, accurate, and complete.
(3) The Contractor is responsible for the currency, accuracy, and completeness of the information provided within SAM, and for any liability resulting from the Government's reliance on inaccurate or incomplete information. Updating SAM does not alter the terms and conditions of this contract and is not a substitute for a properly executed contractual document.
As prescribed in 4.208(f)(2), insert the following clause:
(a) Definition. As used in this clause—
First-tier subcontract means a subcontract awarded directly by the Contractor to acquire supplies or services (including construction), other than those for commercial products or commercial services, for performing a prime contract. It does not include the Contractor's supplier agreements with vendors, such as long-term arrangements for materials or supplies that benefit multiple contracts and/or the costs of which are normally applied to a contractor's general and administrative expenses or indirect costs.
(b) Requirement. The Contractor must report, according to paragraphs (c) and (d) of this clause, annually by October 31, for services performed under this contract during the preceding Government fiscal year (October 1-September 30).
(c) Report elements. The Contractor must report the following information:
(1) Contract number and, as applicable, order number.
(2) The total dollar amount invoiced for services performed during the previous Government fiscal year under the contract.
(3) The number of Contractor direct labor hours expended on the services performed during the previous Government fiscal year.
(4) Data reported by subcontractors under paragraph (f) of this clause.
(d) Remedies. The Contractor must submit the information required in paragraph (c) of this clause in the System for Award Management (SAM) at https://www.sam.gov (see SAM User Guide). If the Contractor fails to submit the report in a timely manner, the Contracting Officer will exercise appropriate contractual remedies. In addition, the Contracting Officer will make the Contractor's failure to comply with the reporting requirements a part of the Contractor's performance information under the Federal Acquisition Regulation (FAR) part 42.
(e) Review. Agencies will review Contractor-reported information for reasonableness and consistency with available contract information. If the agency believes that revisions to the Contractor's reported information are warranted, the agency will notify the Contractor. The Contractor must revise the report, or put its reason in writing for the agency.
(f) Subcontracts.
(1) The Contractor must require each first-tier subcontractor with first-tier subcontract(s) each valued at or more than the thresholds at FAR 4.304(b), to provide the following detailed information to the Contractor in sufficient time to submit the report:
(i) Subcontract number (including subcontractor name and unique entity identifier); and
(ii) The number of first-tier subcontractor direct-labor hours expended on the services performed during the previous Government fiscal year.
(2) The Contractor must tell the subcontractor that the information will be made available to the public as required by section 743 of Division C of the Consolidated Appropriations Act, 2010.
(End of clause)
As prescribed in 4.208(f)(3), insert the following clause:
(a) Definition. As used in this clause—
First-tier subcontract means a subcontract awarded directly by the Contractor to acquire supplies or services (including construction), other than those for commercial products or commercial services, for performing a prime contract. It does not include the Contractor's supplier agreements with vendors, such as long-term arrangements for materials or supplies that benefit multiple contracts and/or the costs of which are normally applied to a contractor's general and administrative expenses or indirect costs.
(b) Requirement. The Contractor must report, according to paragraphs (c) and (d) of this clause, annually by October 31, for services performed during the preceding Government fiscal year (October 1-September 30) under this contract for orders that exceed the thresholds established in FAR 4.304(b).
(c) Report elements. The Contractor must report the following information:
(1) Contract number and order number.
(2) The total dollar amount invoiced for services performed during the previous Government fiscal year under the order.
(3) The number of Contractor direct labor hours expended on the services performed during the previous Government fiscal year.
(4) Data reported by subcontractors under paragraph (f) of this clause.
(d) Remedies. The Contractor must submit the information required in paragraph (c) of this clause in the System for Award Management (SAM) at https://www.sam.gov (see SAM User Guide). If the Contractor fails to submit the report in a timely manner, the Contracting Officer will exercise appropriate contractual remedies. In addition, the Contracting Officer will make the Contractor's failure to comply with the reporting requirements a part of the Contractor's performance information under the Federal Acquisition Regulation (FAR) part 42.
(e) Review. Agencies will review Contractor-reported information for reasonableness and consistency with available contract information. If the agency believes that revisions to the Contractor's reported information are warranted, the agency will notify the Contractor. The Contractor must revise the report, or put its reason in writing for the agency.
(f) Subcontracts.
(1) The Contractor must require each first-tier subcontractor with first-tier subcontract(s) each valued at or more than the thresholds at FAR 4.304(b), to provide the following detailed information to the Contractor in sufficient time to submit the report:
(i) Subcontract number (including subcontractor name and unique entity identifier); and
(ii) The number of first-tier subcontractor direct-labor hours expended on the services performed during the previous Government fiscal year.
(2) The Contractor must tell the subcontractor that the information will be made available to the public as required by section 743 of Division C of the Consolidated Appropriations Act, 2010.
(End of clause)
17. Remove and reserve sections 52.204-16 through 52.204-18.
18. Revise section 52.204-19 to read as follows:
As prescribed in 4.208(g), insert the following clause:
The Contractor's representations and certifications, including those completed electronically via the System for Award Management (SAM), are incorporated by reference into the contract.
(End of clause)
19. Remove and reserve sections 52.204-20 through 52.204-30.
20. Add sections 52.204-XX and 52.204-YY to read as follows:
As prescribed in 4.208(c)(1), insert the following provision:
If the Offeror will not have an active Federal Government contracts registration in the System for Award Management ( https://www.sam.gov ) when submitting its offer, it must complete paragraphs (c) and (d) of this provision and include its responses with its offer.
(a) Definitions. As used in this provision—
Commercial and Government Entity (CAGE) code has the meaning provided in the clause at the Federal Acquisition Regulation (FAR) 52.204-YY, Contractor Identification, of this solicitation.
Common parent means that corporate entity that owns or controls an affiliated group of corporations that files its Federal income tax returns on a consolidated basis, and of which the offeror is a member.
Electronic Funds Transfer (EFT) indicator means a bank account identifier to establish additional System for Award Management records for identifying alternative EFT accounts (see FAR part 32) for the same entity.
Highest-level owner means the entity that owns or controls an immediate owner of the offeror, or that owns or controls one or more entities that control an immediate owner of the offeror. No entity owns or exercises control of the highest-level owner.
Immediate owner means an entity, other than the offeror, that has direct control of the offeror. Indicators of control include, but are not limited to, one or more of the following: ownership or interlocking management, identity of interests among family members, shared facilities and equipment, and the common use of employees. There may be more than one immediate owner ( e.g., joint ventures).
Predecessor means an entity whose assets were acquired by the offeror or another entity (most often through merger or acquisition) and whose affairs are now carried out by the offeror or the other entity under a new name.
Taxpayer Identification Number means the number required by the Internal Revenue Service (IRS) to be used by the offeror to report income tax and other returns. It may be either a Social Security Number or an Employer Identification Number.
Unique entity identifier (UEI) has the meaning provided in the clause at FAR 52.204-YY, Contractor Identification, of this solicitation.
(b) Unique entity identifier (UEI).
(1) The Offeror must enter, in the block with its name and address on the cover page of its offer, the annotation “Unique Entity Identifier” followed by the UEI that identifies the Offeror's name and address exactly as stated in the offer. The Offeror must also enter its EFT indicator, if applicable.
(2) If the Offeror does not have a UEI, it must go to https://www.sam.gov to obtain one. The Government will independently validate the existence and uniqueness of the Offeror before assigning a UEI.
(c) Taxpayer identification. The Offeror must provide with its offer the following information that is necessary to comply with debt collection requirements of 31 U.S.C. 7701(c) and 3325(d); reporting requirements of 26 U.S.C. 6041, 6041A, and 6050M; and the implementing IRS regulations:
(1) Taxpayer identification number (TIN).
□ TIN: ___;
□ TIN has been applied for; or
□ TIN is not required because:
□ Offeror is a nonresident alien, foreign corporation, or foreign partnership that does not have income effectively connected with the conduct of a trade or business in the United States and does not have an office or place of business or a fiscal paying agent in the United States;
□ Offeror is an agency or instrumentality of a foreign government; or
□ Offeror is an agency or instrumentality of the Federal Government.
(2) Type of organization.
□ Sole proprietorship;
□ Partnership;
□ Corporate entity (not tax-exempt);
□ Corporate entity (tax-exempt);
□ Government entity (Federal, State, or local);
□ Foreign government;
□ International organization per 26 CFR 1.6049-4; or
□ Other.
(3) Common parent.
□ Offeror is not owned or controlled by a common parent as defined in paragraph (a) of this provision; or
□ Name and TIN of common parent:
Name: ___
TIN: ___
(4) The TIN provided in paragraph (c)(1) of this provision may be matched with IRS records to verify the accuracy of the Offeror's TIN. The Government may use the TIN to collect and report on any delinquent amounts arising out of the Offeror's relationship with the Government (31 U.S.C. 7701(c)(3)).
(d) Commercial and Government Entity (CAGE) code.
(1) The Offeror must provide its CAGE code with its offer with its name and location address or otherwise include it prominently in its offer. The CAGE code must be for that name and location address. Insert the word “CAGE” before the code. The Offeror may obtain a CAGE code as indicated in the following table.
| If the Offeror is . . . | Then . . . |
|---|---|
| Located in the United States or its outlying areas | Submit a request to the DLA CAGE Branch via https://cage.dla.mil . |
| Located outside the United States and its outlying areas and its country is a member of the North Atlantic Treaty Organization (NATO) or a sponsored nation | Contact the appropriate National Codification Bureau ( https://www.nato.int/structur/ac/135/about/contacts ). |
| Located outside the United States and its outlying areas and its country is not a member of NATO or a sponsored nation | Contact the NATO Support and Procurement Agency (NSPA) ( https://eportal.nspa.nato.int/AC135Public/scage/CageList.aspx ). |
(2) The Offeror must provide the CAGE code and legal business name (Do not use a “doing business as” name) for—
(i) Its immediate owner(s), if any;
(ii) Its highest-level owner, if any; and
(iii) Any predecessor(s), or predecessor of an Offeror's predecessor, that held a Federal contract or grant within the last three years.
Owner type CAGE code Legal business name Immediate owner Highest-level owner Predecessor * * Predecessor CAGE code may be marked “Unknown.”
(3) If the Offeror has more than one immediate owner (such as a joint venture), give the information for each owner (or joint venture participant). If the Offeror has more than one predecessor, provide information for each predecessor in reverse chronological order.
(End of provision)
As prescribed in 4.208(c)(2), insert the following clause:
(a) Definitions. As used in this clause—
Commercial and Government Entity code means—
(1) An identifier assigned to entities located in the United States or its outlying areas by the Defense Logistics Agency (DLA) Commercial and Government Entity (CAGE) Branch to identify a commercial or government entity by unique location (referred to as “CAGE code”); or
(2) An identifier assigned by a member of the North Atlantic Treaty Organization (NATO) or by the NATO Support and Procurement Agency (NSPA) to entities located outside the United States and its outlying areas that the DLA CAGE Branch records and maintains in the CAGE master file (referred to as “NCAGE code”).
Unique entity identifier means an identifier used to identify a specific commercial, nonprofit, or Government entity.
(b) Unique entity identifier (UEI). The Contractor must ensure that its UEI is maintained throughout the life of the contract.
(c) Commercial and Government Entity ( CAGE) code. The Contractor must ensure that the CAGE code is maintained throughout the life of the contract. The Contractor must request changes to a CAGE code as indicated in the following table.
| If the Contractor is . . . | Then . . . |
|---|---|
| Registered in the System for Award Management (SAM) | Initiate the change by updating its SAM registration. |
| Located in the United States or its outlying areas and is not registered in SAM | Submit a change request to the DLA CAGE Branch via https://cage.dla.mil . |
| Located outside the United States and its outlying areas and is not registered in SAM | Request a change by contacting the appropriate National Codification Bureau ( https://www.nato.int/structur/ac/135/about/contacts ) or NSPA ( https://eportal.nspa.nato.int/AC135Public/scage/CageList.aspx ). |
(d) Communicating changes. The Contractor must communicate any change to its UEI or CAGE code to the Contracting Officer within 30 days after the change, so a modification can be issued to update the UEI or CAGE code on this contract. A change in the UEI does not necessarily require a novation.
(End of clause)
21. Revise sections 52.233-1 through 52.233-4 to read as follows:
As prescribed in 33.206(a), insert the following clause:
(a) As used in this clause—
Claim means a written demand or written assertion by one of the contracting parties seeking, as a matter of right, the payment of money in a sum certain, the adjustment or interpretation of contract terms, or other relief arising under or relating to this contract. However, a written demand or written assertion by the Contractor seeking the payment of money exceeding $100,000 is not a claim under 41 U.S.C. chapter 71 until certified. A voucher, invoice, or other routine request for payment that is not in dispute when submitted is not a claim under 41 U.S.C. chapter 71. The submission may be converted to a claim under 41 U.S.C. chapter 71, by complying with the submission and certification requirements of this clause, if it is disputed either as to liability or amount or is not acted upon in a reasonable time.
Defective certification means a certification that alters or otherwise deviates from the language in paragraph (d)(2)(iii) of this clause or which is not executed by a person authorized to bind the contractor with respect to the claim. Failure to certify must not be deemed to be a defective certification.
(b) This contract is subject to 41 U.S.C. chapter 71, Contract Disputes.
(c) Except as provided in 41 U.S.C. chapter 71, all disputes arising under or relating to this contract must be resolved under this clause.
(d)(1) A claim by the Contractor must be made in writing and, unless otherwise stated in this contract, submitted within 6 years after accrual of the claim to the Contracting Officer for a written decision. A claim by the Government against the Contractor must be subject to a written decision by the Contracting Officer.
(2)(i) The Contractor must provide the certification specified in paragraph (d)(2)(iii) of this clause when submitting any claim exceeding $100,000.
(ii) The certification requirement does not apply to issues in controversy that have not been submitted as all or part of a claim.
(iii) The certification must state as follows: “I certify that the claim is made in good faith; that the supporting data are accurate and complete to the best of my knowledge and belief; that the amount requested accurately reflects the contract adjustment for which the Contractor believes the Government is liable; and that I am authorized to certify the claim on behalf of the Contractor.”
(3) The certification may be executed by any person authorized to bind the Contractor with respect to the claim.
(e) For Contractor claims of $100,000 or less, the Contracting Officer must, if requested in writing by the Contractor, render a decision within 60 days of the request. For Contractor-certified claims over $100,000, the Contracting Officer must, within 60 days, decide the claim or notify the Contractor of the date by which the decision will be made.
(f) The Contracting Officer's decision will be final unless the Contractor appeals or files a suit as provided in 41 U.S.C. chapter 71.
(g) If the claim by the Contractor is submitted to the Contracting Officer or a claim by the Government is presented to the Contractor, the parties, by mutual consent, may agree to use alternative dispute resolution (ADR). If the Contractor refuses an offer for ADR, the Contractor must inform the Contracting Officer, in writing, of the Contractor's specific reasons for rejecting the offer.
(h)(1) The Government must pay interest on the amount found due and unpaid from the date that—
(i) The Contracting Officer receives the claim (certified, if required); or
(ii) Payment otherwise would be due, if that date is later, until the date of payment.
(2) For claims having defective certifications, interest must be paid from the date that the Contracting Officer initially receives the claim. Simple interest on claims must be paid at the rate, fixed by the Secretary of the Treasury as provided in the Act, which applies to the period during which the Contracting Officer receives the claim and then at the rate that applies for each 6-month period as fixed by the Treasury Secretary while the claim is pending.
(i) The Contractor must proceed diligently with performance of this contract, pending final resolution of any request for relief, claim, appeal, or action arising under or relating to the contract, and comply with any decision of the Contracting Officer.
(End of clause)
As prescribed in 33.107(a), insert the following provision:
(a) Protests, (as defined in FAR 33.102), that are filed directly with an agency, and copies of any protests that are filed with the Government Accountability Office (GAO), must be served on the Contracting Officer identified in the solicitation by obtaining written and dated acknowledgment of receipt from them.
(b) The copy of any protest must be received in the office designated above within one day of filing a protest with the GAO.
(End of provision)
As prescribed in 33.107(b), insert the following clause:
(a) Upon receipt of a stop-work order, the Contractor must immediately comply with its terms and take all reasonable steps to minimize incurring costs allocable to the work covered by the order during the period of work stoppage. After receiving the final decision in the protest, the Contracting Officer must either—
(1) Cancel the stop-work order; or
(2) Terminate the work covered by the order as provided in the Default, or the Termination for Convenience of the Government, clause of this contract.
(b) If a stop-work order issued under this clause is canceled either before or after a final decision in the protest, the Contractor must resume work. The Contracting Officer must make an equitable adjustment in the delivery schedule or contract price, or both, and the contract must be modified, in writing, accordingly, if—
(1) The stop-work order results in an increase in the time required for, or in the Contractor's cost properly allocable to, the performance of any part of this contract; and
(2) The Contractor asserts its right to an adjustment within 30 days after the end of the period of work stoppage; provided, that if the Contracting Officer decides the facts justify the action, the Contracting Officer may receive and act upon a proposal submitted at any time before final payment under this contract.
(c) If a stop-work order is not canceled and the work covered by the order is terminated for the convenience of the Government, the Contracting Officer must allow reasonable costs resulting from the stop-work order in arriving at the termination settlement.
(d) If a stop-work order is not canceled and the work covered by the order is terminated for default, the Contracting Officer must allow, by equitable adjustment or otherwise, reasonable costs resulting from the stop-work order.
(e) The Government's rights to terminate this contract at any time are not affected by action taken under this clause.
(f) If, as the result of the Contractor's intentional or negligent misstatement, misrepresentation, or miscertification, a protest related to this contract is sustained, and the Government pays costs, the Government may require the Contractor to reimburse the Government the amount of such costs. In addition to any other remedy available, and pursuant to the requirements of subpart 32.6, the Government may collect this debt by offsetting the amount against any payment due the Contractor under any contract between the Contractor and the Government.
(End of clause)
Alternate I (DATE). As prescribed in 33.107(b), substitute in paragraph (a)(2) the words “the Termination clause of this contract” for the words “the Default, or the Termination for Convenience of the Government clause of this contract.” In paragraph (b) substitute the words “an equitable adjustment in the delivery schedule, the estimated cost, the fee, or a combination thereof, and in any other terms of the contract that may be affected” for the words “an equitable adjustment in the delivery schedule or contract price, or both.”
As prescribed in 33.206(b), insert the following clause:
United States law will apply to resolve any claim of breach of this contract.
(End of clause)
22. Remove and reserve sections 52.239-1 and 52.240-1.
23. Add sections 52.240-2, 52.240-3, 52.240-4, 52.240-5, 52.240-6, and 52.240-7 to read as follows:
As prescribed in 40.205(a), insert the following provision:
(a) Definitions. As used in this provision—
Backhaul, covered article, covered procurement, covered procurement action, covered telecommunications equipment or services, critical technology, FASCSA order, Intelligence community, interconnection arrangements, national security system, roaming, sensitive compartmented information, sensitive compartmented information system, source, and substantial or essential component have the meanings provided in the clause 52.240-3, Security Prohibitions and Exclusions.
Business operations means engaging in commerce in any form, including by acquiring, developing, maintaining, owning, selling, possessing, leasing, or operating equipment, facilities, personnel, products, services, personal property, real property, or any other apparatus of business or commerce.
Marginalized populations of Sudan means—
(1) Adversely affected groups in regions authorized to receive assistance under section 8(c) of the Darfur Peace and Accountability Act (Pub. L. 109-344) (50 U.S.C. 1701 note); and
(2) Marginalized areas in Northern Sudan described in section 4(9) of such Act.
Restricted business operations means business operations in Sudan that include power production activities, mineral extraction activities, oil-related activities, or the production of military equipment, as those terms are defined in the Sudan Accountability and Divestment Act of 2007 (Pub. L. 110-174). Restricted business operations do not include business operations that the person (as that term is defined in Section 2 of the Sudan Accountability and Divestment Act of 2007) conducting the business can demonstrate—
(1) Are conducted under contract directly and exclusively with the regional government of southern Sudan;
(2) Are conducted under specific authorization from the Office of Foreign Assets Control in the Department of the Treasury, or are expressly exempted under Federal law from the requirement to be conducted under such authorization;
(3) Consist of providing goods or services to marginalized populations of Sudan;
(4) Consist of providing goods or services to an internationally recognized peacekeeping force or humanitarian organization;
(5) Consist of providing goods or services that are used only to promote health or education; or
(6) Have been voluntarily suspended.
Sensitive technology—
(1) Means hardware, software, telecommunications equipment, or any other technology that is to be used specifically—
(i) To restrict the free flow of unbiased information in Iran; or
(ii) To disrupt, monitor, or otherwise restrict speech of the people of Iran; and
(2) Does not include information or informational materials the export of which the President does not have the authority to regulate or prohibit pursuant to section 203(b)(3) of the International Emergency Economic Powers Act (50 U.S.C. 1702(b)(3)).
(b) Procedures.
(1) Covered telecommunications and video surveillance. The Offeror must review the list of excluded parties in SAM at https://www.sam.gov for entities excluded from receiving federal awards for “covered telecommunications equipment or services.”
(2) FASCSA Orders.
(i) The Offeror must search in SAM for the phrase “FASCSA order” for any covered article, or any products or services produced or provided by a source, if there is an applicable FASCSA order described in paragraph (e) of FAR 52.240-3, Security Prohibitions and Exclusions.
(ii) The Offeror must review the solicitation for any FASCSA orders that are not in SAM but are effective and apply to the solicitation and resultant contract (see FAR 40.204-1(c)(2)).
(iii) FASCSA orders issued after the date of solicitation do not apply unless added by an amendment to the solicitation.
(3) Covered procurement actions.
(i) The Offeror must search SAM for the phrase “covered procurement action” for any source or specified product or service that is subject to a covered procurement action described in paragraph (e) to determine if any products or services are prohibited.
(ii) The Offeror must review the solicitation for any source or specified product or service that is subject to any covered procurement action that is not in SAM but are effective and apply to the solicitation and resultant contract (see FAR 40.204-2).
(iii) A source or specified product or service that is subject to a covered procurement actions issued after the date of solicitation does not apply unless added by an amendment to the solicitation.
(c) Covered telecommunications equipment or services representations. By submission of its offer, the Offeror represents that, after conducting a reasonable inquiry (that looks at any information in the Offeror's possession that is accessible but does not need to include an internal or third-party audit)—
(1) It will not provide covered telecommunications equipment or services to the Government in the performance of any contract, subcontract, or other contractual instrument resulting from this solicitation, except as waived by the solicitation, or as disclosed in paragraph (h); and
(2) It does not use covered telecommunications equipment or services, or use any equipment, system, or service that uses covered telecommunications equipment or services, except as waived by the solicitation, or as disclosed in paragraph (h).
(d) FASCSA representation. By submission of this offer, the Offeror represents that it has conducted a reasonable inquiry, and that the offeror does not propose to provide or use in response to this solicitation any covered article, or any products or services produced or provided by a source, if the covered article or the source is prohibited by an applicable FASCSA order in effect on the date the solicitation was issued, unless excepted by the solicitation, or as disclosed in paragraph (h). A reasonable inquiry will look at any information in the offeror's possession that is accessible but does not need to include an internal or third-party audit.
(e) Covered procurement action representation. By submission of this offer, the Offeror represents that it has conducted a reasonable inquiry, and that the Offeror does not propose to provide or use in response to this solicitation any products or services that are prohibited by an applicable covered procurement action in effect on the date the solicitation was issued, except as waived by the solicitation, or as disclosed in paragraph (h). A reasonable inquiry will look at any information in the Offeror's possession that is accessible but does not need to include an internal or third-party audit.
(f) Sudan certification. By submission of its offer, the Offeror certifies, after conducting a reasonable inquiry (that looks at any information in the offeror's possession that is accessible but does not need to include an internal or third-party audit), that the Offeror does not conduct any restricted business operations in Sudan.
(g) Iran representation and certifications.
(1) Except as provided in paragraph (g)(2) of this provision or if a waiver has been granted in accordance with FAR 40.203-3, the offeror, after conducting a reasonable inquiry (that looks at any information in the Offeror's possession that is accessible but does not need to include an internal or third-party audit), by submission of its offer —
(i) Represents, to the best of its knowledge and belief, that the Offeror does not export any sensitive technology to the government of Iran or any entities or individuals owned or controlled by, or acting on behalf or at the direction of, the government of Iran;
(ii) Certifies that the Offeror, or any person (as defined at section 15 of the Iran Sanctions Act of 1996, Pub. L. 104-172, 50 U.S.C. 1701 note) owned or controlled by the offeror, does not engage in any activities for which sanctions may be imposed under section 5 of the Act. These sanctioned activities are in the areas of development of the petroleum resources of Iran, production of refined petroleum products in Iran, sale and provision of refined petroleum products to Iran, and contributing to Iran's ability to acquire or develop certain weapons or technologies; and
(iii) Certifies that the Offeror, and any person owned or controlled by the offeror, does not knowingly engage in any transaction that exceeds $15,000 with Iran's Revolutionary Guard Corps or any of its officials, agents, or affiliates, the property and interests in property of which are blocked pursuant to the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq. ) (see OFAC's Specially Designated Nationals and Blocked Persons List at https://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/default.aspx )
(2) Exception for trade agreements. The representation and certification requirements of paragraph (g)(1) of this provision do not apply if—
(i) This solicitation includes a trade agreements notice or certification ( e.g., 52.225-6, Trade Agreements Certificate); and
(ii) The Offeror has certified that all the offered products to be supplied are designated country end products or designated country construction material.
(iii) The Offeror must email questions concerning sensitive technology to the Department of State at CISADA106@state.gov.
(h) Disclosure.
(1) If the Offeror is not able to represent compliance with the prohibitions in paragraphs (c), (d), or (e) then the Offeror must disclose to the contracting officer within 72 hours the following information for each product or service not compliant:
(i) Contract number and order number, if applicable.
(ii) Identification of whether this disclosure relates to paragraph (c) on covered telecommunication equipment or services, to paragraph (d) on FASCSA orders, or paragraph (e) on covered procurement actions.
(iii) A description of the products or services that the Contractor identifies or has reason to suspect are prohibited (include brand; model number, such as the original equipment manufacturer (OEM) number, manufacturer part number, or wholesaler number; and item description, as applicable).
(iv) The entity that produced the product or service (include entity name, UEI, CAGE code, facilities responsible for design, fabrication, assembly, packaging, and test of the product, and whether the entity was the OEM or a distributor (provide manufacturer codes and distributor codes used for the product)).
(v) Description of the functionality of the product or service and how that functionality impacts the risk to the product or service.
(vi) An explanation of any factors relevant to determining if the product or service should be permitted by an applicable exception, exemption, or waiver (if the offeror would like the Government to consider a waiver or exception).
(vii) Whether alternative products or services are available that would be compliant with the prohibition.
(viii) If the product or service is related to item maintenance, include the following information on the item being maintained:
(A) Brand.
(B) Model number, OEM number, manufacturer part number, or wholesaler number.
(C) Item description, as applicable.
(ix) Any readily available information about mitigation actions undertaken or recommended.
(2) If the disclosure provided does not contain any of the information required by paragraph (h)(1), and the offeror later discovers new information that is required by paragraph (h)(1), then the Offeror must submit a subsequent disclosure within 72 hours of discovering the new information.
(i) Executive agency review of disclosures. The Contracting Officer will review disclosures provided in paragraph (h) to determine if any applicable waiver or exception may be sought. The Contracting Officer may choose not to pursue a waiver and may instead make an award to an Offeror that does not require a waiver.
(End of provision)
As prescribed in 40.205(b), insert the following clause:
Security Prohibitions and Exclusions (DATE)
(a) Definitions. As used in this clause—
American Security Drone Act-covered foreign entity means an entity included on a list that the Federal Acquisition Security Council (FASC) develops and maintains and publishes in SAM at https://www.sam.gov (section 1822 of Pub. L. 118-31, 41 U.S.C. 3901 note prec.).
Backhaul means intermediate links between the core network, or backbone network, and the small subnetworks at the edge of the network ( e.g., connecting cell phones/towers to the core telephone network). Backhaul can be wireless ( e.g., microwave) or wired ( e.g., fiber optic, coaxial cable, Ethernet).
Covered application means the social networking service TikTok or any successor application or service developed or provided by ByteDance Limited or an entity owned by ByteDance Limited.
Covered article, as defined in 41 U.S.C. 4713(k), means—
(1) Information technology, as defined in 40 U.S.C. 11101, including cloud computing services of all types;
(2) Telecommunications equipment or telecommunications service, as those terms are defined in section 3 of the Communications Act of 1934 (47 U.S.C. 153);
(3) The processing of information on a Federal or non-Federal information system, subject to the requirements of the Controlled Unclassified Information program (see 32 CFR part 2002); or
(4) Hardware, systems, devices, software, or services that include embedded or incidental information technology.
Covered foreign country means The People's Republic of China.
Covered procurement, as defined at 41 U.S.C. 4713(k), means—
(1) A source selection for a covered article involving either a performance specification, as provided in 41 U.S.C. 3306(a)(3)(B), or an evaluation factor, as provided in 41 U.S.C. 3306(b)(1)(A), relating to a supply chain risk, or where supply chain risk considerations are included in the agency's determination of whether a source is a responsible source as defined in 41 U.S.C. 113 (see part 9);
(2) The consideration of proposals for, and issuance of a task or delivery order for, a covered article, as provided in 41 U.S.C. 4106(d)(3), where the task or delivery order contract includes a contract clause establishing a requirement relating to a supply chain risk;
(3) Any contract action involving a contract for a covered article where the contract includes a clause establishing requirements relating to a supply chain risk; or
(4) Any other procurement in a category of procurements determined appropriate by the Federal Acquisition Regulatory Council, with the advice of the Federal Acquisition Security Council.
Covered procurement action, as defined at 41 U.S.C. 4713(k), means any of the following actions, if the action takes place in the course of conducting a covered procurement:
(1) The exclusion of a source that fails to meet qualification requirements established under 41 U.S.C. 3311 (see part 9) for the purpose of reducing supply chain risk in the acquisition or use of covered articles.
(2) The exclusion of a source that fails to achieve an acceptable rating with regard to an evaluation factor providing for the consideration of supply chain risk in the evaluation of proposals for the award of a contract or the issuance of a task or delivery order.
(3) The determination that a source is not a responsible source as defined in 41 U.S.C. 113 (see part 9) based on considerations of supply chain risk.
(4) The decision to withhold consent for a contractor to subcontract with a particular source or to direct a contractor to exclude a particular source from consideration for a subcontract under the contract.
Covered telecommunications equipment or services means—
(1) Telecommunications equipment produced ( i.e. manufactured, designed, developed, or licensed intellectual property) by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such entities);
(2) For the purpose of public safety, security of Government facilities, physical security surveillance of critical infrastructure, and other national security purposes, video surveillance equipment and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities);
(3) Telecommunications services or video surveillance services provided by such entities or using such equipment; or
(4) Telecommunications equipment, telecommunications services, video surveillance equipment, or video surveillance services produced or provided by an entity that the Secretary of Defense, in consultation with the Director of National Intelligence (DNI) or the Director of the Federal Bureau of Investigation (FBI), reasonably believes to be an entity owned or controlled (see 31 CFR 800.208) by, or otherwise connected to, the government of a covered foreign country.
Critical technology means a technology in whose absence a system cannot adequately operate or function.
FASC-prohibited unmanned aircraft system means an unmanned aircraft system manufactured or assembled by an American Security Drone Act—covered foreign entity.
FASCSA order means any of the following orders issued under the Federal Acquisition Supply Chain Security Act (FASCSA) requiring removing covered articles from executive agency information systems or excluding one or more named sources or named covered articles from executive agency procurement actions, as described in 41 CFR 201-1.303(d) and (e):
(1) The Secretary of Homeland Security may issue FASCSA orders that apply to civilian agencies, to the extent not covered by paragraph (2) or (3) of this definition. This type of FASCSA order may be referred to as a DHS FASCSA order.
(2) The Secretary of Defense may issue FASCSA orders that apply to DoD and national security systems other than sensitive compartmented information systems. This type of FASCSA order may be referred to as a DoD FASCSA order.
(3) DNI may issue FASCSA orders that apply to the intelligence community and sensitive compartmented information systems, to the extent not covered by paragraph (2) of this definition. This type of FASCSA order may be referred to as a DNI FASCSA order.
Information technology, as defined in 40 U.S.C. 11101(6)—
(1) Means any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency, if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency that requires the use—
(i) Of that equipment; or
(ii) Of that equipment to a significant extent in the performance of a service or the furnishing of a product;
(2) Includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources; but
(3) Does not include any equipment acquired by a Federal contractor incidental to a Federal contract.
Intelligence community, as defined by 50 U.S.C. 3003(4), means the following—
(1) The Office of the Director of National Intelligence;
(2) The Central Intelligence Agency;
(3) The National Security Agency;
(4) The Defense Intelligence Agency;
(5) The National Geospatial-Intelligence Agency;
(6) The National Reconnaissance Office;
(7) Other offices within DoD for the collection of specialized national intelligence through reconnaissance programs;
(8) The intelligence elements of the Army, the Navy, the Air Force, the Marine Corps, the Space Force, the Coast Guard, the Federal Bureau of Investigation, the Drug Enforcement Administration, and the Department of Energy;
(9) The Bureau of Intelligence and Research of the Department of State;
(10) The Office of Intelligence and Analysis of the Department of the Treasury;
(11) The Office of Intelligence and Analysis of the Department of Homeland Security; or
(12) Such other elements of any department or agency as may be designated by the President, or designated jointly by the Director of National Intelligenceand the head of the department or agency concerned, as an element of the intelligence community.
Interconnection arrangements means arrangements governing the physical connection of two or more networks to allow the use of another's network to hand off traffic where it is ultimately delivered ( e.g., connecting a customer of telephone provider A to a customer of telephone company B) or sharing data and other information resources.
Kaspersky Lab-covered article means any hardware, software, or service that—
(1) Is developed or provided by a Kaspersky Lab-covered entity;
(2) Includes any hardware, software, or service developed or provided in whole or in part by a Kaspersky Lab-covered entity; or
(3) Contains components using any hardware or software developed in whole or in part by a Kaspersky Lab-covered entity.
Kaspersky Lab-covered entity means—
(1) Kaspersky Lab;
(2) Any successor entity to Kaspersky Lab, including any change in name, e.g., “Kaspersky”;
(3) Any entity that controls, is controlled by, or is under common control with Kaspersky Lab; or
(4) Any entity of which Kaspersky Lab has a majority ownership.
National security system, as defined in 44 U.S.C. 3552, means any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency—
(1) The function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions, but does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications); or
(2) Is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.
Roaming means cellular communications services ( e.g., voice, video, data) received from a visited network when unable to connect to the facilities of the home network either because signal coverage is too weak, traffic is too high, or home network is not located in that geographic area.
Sensitive compartmented information means classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of National Intelligence.
Sensitive compartmented information system means a national security system authorized to process or store sensitive compartmented information.
Source means a non-Federal supplier, or potential supplier, of products or services, at any tier.
System means a regularly interacting or interdependent group of items or components forming a unified whole.
Subsidiary means an entity in which more than 50 percent of the entity is owned directly by a parent corporation or through another subsidiary of a parent corporation.
Substantial or essential component means any component necessary for the proper function or performance of a piece of equipment, system, or service. A component that is used only in connection with an ancillary function of a piece of equipment, system, or service is not substantial or essential.
Telecommunications equipment means equipment used to produce, transmit, emit, or receive, or store signals, signs, writing, images, sounds, or intelligence of any nature, by wire, cable, satellite, fiber optics, laser, radio, or any other electronic, electric, electromagnetic, or acoustically coupled means.
Telecommunications services means services used to produce, transmit, emit, or receive, or store signals, signs, writing, images, sounds, or intelligence of any nature, by wire, cable, satellite, fiber optics, laser, radio, or any other electronic, electric, electromagnetic, or acoustically coupled means.
Unmanned aircraft means an aircraft that is operated without the possibility of direct human intervention from within or on the aircraft (49 U.S.C. 44801(11)).
Unmanned aircraft system means an unmanned aircraft and associated elements (including communication links and the components that control the unmanned aircraft) that are required for the operator to operate safely and efficiently in the national airspace system (49 U.S.C. 44801(12)). See 41 CFR 201-1.101 for the list of associated elements identified by the FASC.
Video surveillance equipment means equipment used to identify or monitor activities or information through use of imaging, visual, or audio methods.
Video surveillance services means services used to identify or monitor activities or information through use of imaging, visual, or audio methods.
(b) Prohibitions on providing or using specific products or services in performance of contract. Unless a waiver or exception applies, the Contractor is prohibited from providing any products or services to the Government or using in the performance of the contract any of the following:
(1) A covered application on any information technology owned or managed by the Government, or on any information technology used or provided by the Contractor under this contract, including equipment provided by the Contractor's employees (section 102 of Division R of the Consolidated Appropriations Act, 2023 (Pub. L. 117-328));
(2) A Kaspersky Lab-covered article (Section 1634 of Division A of the National Defense Authorization Act for Fiscal Year 2018 (Pub. L. 115-91));
(3) Covered telecommunications equipment or services used as a substantial or essential component of any system, or as critical technology as part of any system (paragraphs (a)(1)(A) of section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115-232)). This does not prohibit contractors from—
(i) Providing a service to the Government that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements; or
(ii) Providing or using telecommunications equipment that does not have the capability to route or redirect ( i.e. directs or programs equipment to make a determination of where to send) user data traffic or cannot permit visibility ( i.e. access to content in a comprehensible form) into any user data or packets that such equipment transmits or otherwise handles.
(c) Prohibition on unmanned aircraft systems manufactured or assembled by American Security Drone Act—covered foreign entities.
(1) Prohibition. The Contractor is prohibited from—
(i) Delivering any FASC-prohibited unmanned aircraft system, which includes unmanned aircraft ( i.e., drones) and associated elements (sections 1823 and 1826 of American Security Drone Act of 2023, within the National Defense Authorization Act for Fiscal Year 2024, Pub. L. 118-31, Div. A, Title XVIII, Subtitle B, 41 U.S.C. 3901 note prec.);
(ii) On or after December 22, 2025, operating a FASC-prohibited unmanned aircraft system in the performance of the contract (section 1824 of Pub. L. 118-31); and
(iii) On or after December 22, 2025, using Federal funds to procure or operate a FASC-prohibited unmanned aircraft system (section 1825 of Pub. L. 118-31).
(2) Procedures. The Contractor must search SAM for the FASC-maintained list of American Security Drone Act—covered foreign entities before proposing, or using in performance of the contract, any unmanned aircraft system. Also, the Contractor must ensure any effort or expenditure associated with a FASC-prohibited unmanned aircraft system is consistent with a corresponding exemption, exception, or waiver determination expressly stated in the contract.
(3) Exemptions, exceptions, and waivers. The prohibitions in paragraph (c) of this clause do not apply where the agency has determined an exemption, exception, or waiver applies, and the contract indicates that such a determination has been made. See sections 1823 through 1825 and 1832 of Public Law 118-31 for statutory requirements pertaining to exemptions, exceptions, and waivers.
(d) Prohibition on using or providing specific products or services or conducting certain transactions regardless of connection to contract.
(1) Certain telecommunications and video surveillance equipment, systems, or services.
(i) Unless an applicable waiver has been issued by the Government, the Contractor cannot use any equipment, systems, or services that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system (paragraph (a)(1)(B) of section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115-232)). For purposes of this specific prohibition only, the following activities are not individually considered use of covered telecommunications equipment or services: commercial sales, maintenance, testing services, warranty services, and employee's use of personal equipment.
(ii) This prohibition applies to using covered telecommunications equipment or services, regardless of whether that use is in performance of work under a Federal contract. This does not prohibit the contractor from using—
(A) A service that connects to the facilities of a third party, such as backhaul, roaming, or interconnection arrangements; or
(B) Telecommunications equipment that does not have the capability to route or redirect ( i.e. directs or programs equipment to make a determination of where to send) user data traffic or cannot permit visibility ( i.e. access to content in a comprehensible form) into any user data or packets that such equipment transmits or otherwise handles.
(2) Office of Foreign Assets Control restrictions.
(i) Except as authorized by OFAC in the Department of the Treasury, the Contractor must not acquire, for use in the performance of this contract, any supplies or services if any proclamation, Executive order, or statute administered by OFAC, or if OFAC's implementing regulations at 31 CFR chapter V, would prohibit such a transaction by a person subject to the jurisdiction of the United States.
(ii) Except as authorized by OFAC, most transactions involving Cuba, Iran, and Sudan are prohibited, as are most imports from Burma or North Korea, into the United States or its outlying areas.
(A) For lists of entities and individuals subject to economic sanctions, see OFAC's List of Specially Designated Nationals and Blocked Persons at https://home.treasury.gov/policy-issues/financial-sanctions/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists.
(B) For more information about these restrictions, as well as updates, see OFAC's regulations at 31 CFR chapter V and at https://home.treasury.gov/policy-issues/office-of-foreign-assets-control-sanctions-programs-and-information.
(C) To conduct electronic screens of potential parties to regulated transactions, see the consolidated screening list at https://www.trade.gov/consolidated-screening-list, which consolidates multiple export screening lists of the Departments of Commerce, State, and the Treasury.
(3) Sudan prohibition. The Contractor is prohibited from conducting any restricted business operations in Sudan in accordance with the Sudan Accountability and Divestment Act of 2007 (Pub. L. 110-174).
(4) Iran prohibitions.
(i) Unless an exception applies according to paragraph (d)(4)(iii) or the Government grants a waiver, the contractor must not engage in certain activities or transactions relating to Iran (section 6(b)(1)(A) of Iran Sanctions Act (50 U.S.C. 1701 note).
(ii) Unless an exception applies according to paragraph (d)(4)(iii) or the Government grants a waiver, contractor must not export certain sensitive technology to Iran, as determined by the President, and has an active exclusion in SAM (22 U.S.C. 8515).
(iii) The prohibition in paragraphs (d)(4)(i) and (d)(4)(ii) do not apply if the acquisition is subject to trade agreements and the offeror certifies that all the offered products are designated country end products or designated country construction material (see part 25).
(iv) Unless an exception applies or the Government grants a waiver, contractors are prohibited from knowingly engaging in any significant transaction ( i.e., over $15,000) with Iran's Revolutionary Guard Corps or any of its officials, agents, or affiliates, the property and interests in property of which are blocked according to the International Emergency Economic Powers Act (section 6(b)(1)(B) of Iran Sanctions Act (50 U.S.C. 1701 note)).
(e) Governmentwide exclusion and removal orders.
(1) Unless the Government has issued an applicable waiver, contractors must not provide or use as part of the performance of the contract any covered article, or any products or services produced or provided by a source, if the covered article or the source is prohibited by an applicable FASCSA order as follows:
(i) For solicitations and contracts awarded by a Department of Defense contracting office, DoD FASCSA orders apply.
(ii) For all other solicitations and contracts, DHS FASCSA orders apply.
(2) The Contractor must search for the phrase “FASCSA order” in the System for Award Management (SAM) at https://www.sam.gov to locate applicable FASCSA orders.
(3) The Government may identify in the solicitation other FASCSA orders that are not in SAM, which are effective and apply to the solicitation and resulting contract.
(4) A FASCSA order issued after the date of solicitation applies to this contract only if added by an amendment to the solicitation or modification to the contract (see FAR 40.204-1(c)).
(f) Covered procurement actions. Unless the Government has issued an applicable waiver, the contractor must not provide or use any products or services in performance of the contract that are prohibited by an applicable covered procurement action that has been identified in the solicitation or posted in SAM at www.sam.gov (41 U.S.C. 4713).
(g) Reasonable inquiry. The contractor must conduct a reasonable inquiry to determine if there are any prohibited products or services. The inquiry will look at any information in the entity's possession that is accessible but does not need to include an internal or third-party audit.
(h) Removal of prohibited products and services. For Federal Supply Schedules, Governmentwide acquisition contracts, multi-agency contracts or any other procurement instrument intended for use by multiple agencies, upon notification from the Contracting Officer, during the performance of the contract, the Contractor must promptly make any necessary changes or modifications to remove any product or service produced or provided by a source that this clause prohibits.
(i) General report.
(1) If the Contractor identifies or is notified by any source, (including a subcontractor at any tier), that any product or service provided or used (or to be provided or used) during contract performance does not comply with any prohibition in this clause, then the Contractor must report the following information, or as much information is known, in writing to the contracting office as identified in paragraph (i)(2) within 72 hours:
(i) Contract number and order number, if applicable;
(ii) The specific prohibition the product or service is not complying with;
(iii) A description of the products or services that the Contractor identifies or has reason to suspect is prohibited (include brand; model number, such as the original equipment manufacturer (OEM) number, manufacturer part number, or wholesaler number; and item description, as applicable);
(iv) The entity that produced the product or service (include entity name, UEI, CAGE code, facilities responsible for design, fabrication, assembly, packaging, and test of the product, and whether the entity was the OEM or a distributor (provide manufacturer codes and distributor codes used for the product));
(v) Description of the functionality of the product or service and how that functionality impacts the risk to the product or service;
(vi) An explanation of any factors relevant to determining if the product or service should be permitted by an applicable exception, exemption, or waiver (if the contractor would like the Government to consider a waiver, and asks for such a waiver);
(vii) Whether alternative products or services are available that would comply with the prohibition;
(viii) If the product or service is related to item maintenance, include the following information on the item being maintained:
(A) Brand;
(B) Model number, OEM number, manufacturer part number, or wholesaler number; and
(C) Item description, as applicable.
(ix) Any readily available information about mitigation actions implemented or recommended.
(2) If a report must be submitted to a contracting office, the Contractor must submit the report to the Contracting Officer or for indefinite delivery contracts, the Contractor must report to both the contracting officer for the indefinite delivery contract and the contracting officer for any affected order.
(3) If the report provided does not contain any of the information required by paragraph (i)(1) of this clause, and the contractor later discovers new information that is required by paragraph (h)(1) of this clause, then the contractor must submit a subsequent report within 72 hours of discovering the new information.
(4) The contractor must also report the information in paragraph (i)(1) if the contractor wishes to ask for a waiver of the requirements of a new FASCSA order or covered procurement action being applied through modification.
(j) New FASCSA orders and covered procurement actions report.
(1) During contract performance, the Contractor must review SAM at least once every three months, or as advised by the Contracting Officer, to check for covered articles subject to FASCSA order(s) or for products or services produced by a source subject to FASCSA order(s) not currently identified under paragraph (e) of this clause, or products or services prohibited by an applicable covered procurement action.
(2) If the Contractor identifies a new FASCSA order(s) or covered procurement actions that could impact their supply chain, then the Contractor must conduct a reasonable inquiry to identify whether a covered article or product or service produced or provided by a source subject to the FASCSA order(s) or whether a product or service prohibited by an applicable covered procurement action was provided to the Government or used during contract performance. The inquiry will look at any information in the entity's possession that is accessible but does not need to include an internal or third-party audit.
(3) The Contractor must submit a report to the contracting office identified in paragraph (i)(2) of this clause if the Contractor identifies, including through any notification by a subcontractor at any tier, that a covered article or product or service produced or provided by a source was provided to the Government or used during contract performance and is subject to a FASCSA order(s) or covered procurement action. For indefinite delivery contracts, the Contractor must report to both the contracting office for the indefinite delivery contract and the contracting office for any affected order. The Contractor must report the following information within 72 hours for each covered article or each product or service produced or provided by a source, where the covered article or source is subject to a FASCSA order or covered procurement action:
(i) Contract number and order number, if applicable;
(ii) Name of the covered article or source subject to a FASCSA order or covered procurement action;
(iii) The specific FASCSA order or covered procurement action the product or service does not comply with;
(iv) The elements of (i)(1)(iii) through (ix) of this clause.
(k) Subcontracts. The Contractor must include the substance of this clause, including this paragraph (k) but excluding paragraphs (d)(1) and (j)(1), in subcontracts at any tier under this contract, including those for commercial products and commercial services.
Alternate I (DATE). As prescribed in 40.205(b), substitute the following paragraph (e)(1) for paragraph (e)(1) of the basic clause:
(e) Governmentwide exclusion and removal orders.
(1) Contractors are prohibited from providing or using as part of the performance of the contract any covered article, or any products or services produced or provided by a source, if the covered article or the source is prohibited by any applicable FASCSA orders identified by the checkbox(es) in this paragraph (e)(1). [Contracting Officer must select either “yes” or “no” for each of the following types of FASCSA orders:]
Yes ☐ No ☐ DHS FASCSA Order
Yes ☐ No ☐ DoD FASCSA Order
Yes ☐ No ☐ DNI FASCSA Order
As prescribed in 40.302-3, insert the following clause:
Classified Information (DATE)
(a) Definition. As used in this clause—
Handle or handling means any use of information, including but not limited to accessing, processing, collecting, developing, receiving, transmitting, storing, marking, safeguarding, transporting, disseminating, reusing, and disposing of the information.
(b) Applicability. This clause applies to the extent that the Contractor handles information classified Confidential, Secret, or Top Secret on this contract.
(c) Requirement. The Contractor must comply with—
(1) The Security Agreement (DD Form 441), including the National Industrial Security Program Operating Manual (32 CFR part 117); and
(2) Any revisions to that manual, notice of which has been furnished to the Contractor.
(d) Changes. If, after the date of this contract, the security classification or security requirements under this contract are changed by the Government and if the changes cause an increase or decrease in security costs or otherwise affect any other term or condition of this contract, the contract must be subject to an equitable adjustment as if the changes were directed under the Changes clause of this contract.
(e) Subcontracts. The Contractor must include the substance of this clause, including this paragraph (e) but excluding any reference to the Changes clause of this contract, in subcontracts at any tier under this contract that involves access to classified information, including those for commercial products or commercial services.
(f) Identification. A subcontractor requiring access to classified information under a contract must be identified with a CAGE code on the DD Form 254. The Contractor must require a subcontractor that handles classified information to provide its CAGE code with its name and location address or otherwise include it prominently in the proposal. Each location of subcontractor performance listed on the DD Form 254 is required to reflect a corresponding unique CAGE code for each listed location unless the work is being performed at a Government facility, in which case the agency location code must be used. The CAGE code must be for that name and location address. Insert the word “CAGE” before the number. The CAGE code is required prior to award. The contractor must ensure that subcontractors maintain their CAGE code(s) throughout the life of the contract.
(End of clause)
Alternate I (DATE). As prescribed in 40.302-3(b), add the following paragraphs (f), (g), and (h) to the basic clause:
(f) Continue performance. (1) If a change in security requirements, as provided in paragraphs (b) and (c), results in a change in the security classification of this contract or any of its elements from an unclassified status or a lower classification to a higher classification, or in more restrictive area controls than previously required, then the Contractor must exert every reasonable effort compatible with the Contractor's established policies to continue performing the work under the contract to comply with the change in security classification or requirements.
(2) If, despite reasonable efforts, the Contractor determines that continuing work under this contract is not practical because of the change in security classification or requirements, the Contractor must notify the Contracting Officer in writing. Until the Contracting Officer resolves this problem, the Contractor must continue safeguarding all classified material as required by this contract.
(g) Mutually satisfactory method. After receiving the written notification, the Contracting Officer must explore the circumstances surrounding the proposed change in security classification or requirements and must try to work out a mutually satisfactory method so the Contractor can continue doing the work under this contract.
(h) Termination. If, 15 days after receipt by the Contracting Officer of the notification of the Contractor's stated inability to proceed, the application to this contract of the change in security classification or requirements has not been withdrawn or a mutually satisfactory method for continuing performance of work under this contract has not been agreed upon, the Contractor may request the Contracting Officer to terminate the contract in whole or in part. The Contracting Officer must terminate the contract in whole or in part, as may be appropriate, and the termination must be deemed a termination under the terms of the Termination for the Convenience of the Government clause.
Alternate II (DATE). As prescribed in 40.302-3(c), add the following paragraph (f) to the basic clause:
(f) Identification. The Contractor is responsible for furnishing to each employee, and for requiring each employee engaged on the work to display, such identification as may be approved and directed by the Contracting Officer. All prescribed identification must immediately be delivered to the Contracting Officer, for cancellation upon the release of any employee. When required by the Contracting Officer, the Contractor must obtain and submit fingerprints of all persons employed or to be employed on the project.
As prescribed in 40.303-2, insert the following clause:
Covered Federal Information (DATE)
(a) Definitions. As used in this clause—
Covered contractor information system means an information system that is owned, operated, or used by a contractor that processes, stores, or transmits covered Federal information.
Covered Federal information means information provided by or created for the Government, when that information is other than—
(1) Simple transactional information (such as that necessary to process payments);
(2) Information already publicly released (such as on public websites), or marked for public release, by the Government;
(3) Federally-funded basic and applied research at colleges, universities, and laboratories in accordance with National Security Decision Directive 189;
(4) CUI; or
(5) Classified information.
Handle or handling means any use of information, including but not limited to accessing, processing, collecting, developing, receiving, transmitting, storing, marking, safeguarding, transporting, disseminating, reusing, and disposing of the information.
Information means any communication or representation of knowledge such as facts, data, or opinions, in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual (Committee on National Security Systems Instruction (CNSSI) 4009).
Information system means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information (44 U.S.C. 3502).
(b) Handling requirements.
(1) Covered contractor information systems requirements. The Contractor must safeguard its covered contractor information systems by implementing, at minimum, the following security controls:
(i) Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
(ii) Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
(iii) Verify and control/limit connections to and use of external information systems.
(iv) Control information posted or processed on publicly accessible information systems.
(v) Identify information system users, processes acting on behalf of users, or devices.
(vi) Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
(vii) Sanitize or destroy information system media containing covered Federal Information before disposal or release for reuse.
(viii) Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.
(ix) Escort visitors and monitor visitor activity; maintain audit logs of physical access; and control and manage physical access devices.
(x) Monitor, control, and protect organizational communications ( i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
(xi) Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
(xii) Identify, report, and correct information and information system flaws in a timely manner.
(xiii) Provide protection from malicious code ( i.e., firewalls, virus detection, etc.) at appropriate locations within organizational information systems.
(xiv) Update malicious code ( i.e., firewalls, virus detection, etc.) protection mechanisms when new releases are available.
(xv) Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.
(2) Other handling requirements. The contractor must protect covered Federal information from unauthorized disclosure when handled outside of a covered contractor information system.
(c) Subcontracts. The Contractor must include the substance of this clause, including this paragraph (c), in subcontracts under this contract (including subcontracts for the acquisition of commercial products, other than commercially available off-the-shelf items, or commercial services), in which the subcontractor may handle covered Federal information.
(End of clause)
As prescribed in 40.304-7(a), insert the following provision:
Notice of Controlled Unclassified Information Requirements (DATE)
(a) Definitions. As used in this provision, authorized holder, contractor-attributional information, contractor bid or proposal information, controlled unclassified information (CUI), CUI incident, handling, and unauthorized disclosure have the meaning provided in the clause 52.240-7, Controlled Unclassified Information.
(b) Government-provided information. (1) The Offeror must not use Government-provided information for its own purposes, whether or not the information is marked as CUI, unless the information is in the public domain, or unless the information was lawfully made available to the Offeror by someone other than the Government.
(2) If Offeror is required to handle CUI, the Government will provide agency procedures on handling the CUI to ensure compliance with the requirements in 32 CFR part 2002. Offerors must comply with these agency procedures for handling CUI.
(c) Reporting Unmarked CUI, mismarked CUI, and CUI incidents.
(1) The Offeror should notify the Contracting Officer within 72 hours of discovery if the Offeror discovers any information within the scope of this solicitation the Offeror has knowledge indicating the information is CUI that—
(i) Is not marked;
(ii) Is not properly marked;
(iii) Is not identified on the SF XXX; or
(iv) Is involved in a CUI incident.
(2) The Offeror should safeguard any information the Offeror has evidence indicating the information is CUI that is not identified in the SF XXX or is not marked or properly marked as required in the SF XXX until a contracting officer makes a determination.
(d) Plan of Action and Milestones Disclosure. If the offeror is not compliant with any of the requirements in 52.240-7, the offeror must submit a disclosure as part of their offer to the Contracting Officer that identifies all requirements the offeror is not compliant with and a plan of action and milestones for the offeror to meet the applicable requirements.
(End of provision)
As prescribed in 40.304-7(b), insert the following clause:
Controlled Unclassified Information (DATE)
(a) Identifying controlled unclassified information. The SF XXX, Controlled Unclassified Information (CUI) Requirements, that is incorporated into this contract identifies what controlled unclassified information (CUI) is involved in the contract. The Contractor is required to safeguard only the CUI that is identified in the SF XXX. However, see paragraph (c) of this clause.
(b) Definitions. As used in this clause-
Authorized holder is an individual, agency, organization ( e.g., contractor), or group of users that is permitted to handle CUI, in accordance with this part.
Adequate security means security protections commensurate with the risk of harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of information.
Cloud computing means a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources ( e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud computing is characterized by on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service; and includes service models such as software-as-a-service, infrastructure-as-a-service, and platform-as-a-service (NIST SP 800-145).
Contractor-attributional information means information that identifies the Contractor or its employees directly or identifies them indirectly by grouping information that can be traced back to the Contractor ( e.g., program description or facility locations).
Contractor bid or proposal information means any of the following information submitted to a Federal agency as part of or in connection with a bid or proposal to enter into a Federal agency procurement contract, if that information has not been previously made available to the public or disclosed publicly:
(1) Cost or pricing data as defined by 10 U.S.C. 3701(1), with respect to procurements subject to that section, and 41 U.S.C. 3501(a)(2), with respect to procurements subject to that section.
(2) Indirect costs and direct labor rates.
(3) Proprietary information about manufacturing processes, operations, or techniques marked by the Contractor in accordance with applicable law or regulation.
(4) Information marked by the Contractor as “Contractor bid or proposal information” in accordance with applicable law or regulation.
(5) Information marked in accordance with 52.215-1(e).
Controlled unclassified information (CUI) means information that the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Governmentwide policy requires or permits an agency to handle using safeguarding or dissemination controls. CUI does not include—
(1) Information a Contractor possesses and maintains in its own systems that did not come from, or was not created by or specifically for, an executive branch agency or an entity acting for an agency (see 32 CFR 2002.4); or
(2) Federally-funded basic and applied research at colleges, universities, and laboratories in accordance with National Security Decision Directive 189; or
(3) Information a Contractor creates or possesses that a law, regulation, or Governmentwide policy does not specifically require the Contractor to handle using safeguarding or dissemination controls.
CUI Basic means the subset of CUI for which the authorizing law, regulation, or Governmentwide policy does not set out specific handling or dissemination controls. CUI Basic must be handled according to the uniform set of controls set forth in 32 CFR part 2002 and the CUI Registry.
CUI categories means those types of information for which laws, regulations, or Governmentwide policies require or permit agencies to exercise safeguarding or dissemination controls, and which has been listed in the CUI Registry.
CUI incident means unauthorized disclosure, improper modification, improper destruction of CUI, in any form or medium, or unauthorized access to the information system on which the CUI resides. Improper handling of CUI ( e.g., unmarked or mismarked CUI) is not a CUI incident unless the improper handling has resulted in an unauthorized disclosure, improper modification, or improper destruction of CUI.
CUI Registry means the online repository for all information, guidance, policy, and requirements on handling CUI. Among other information, the CUI Registry identifies all approved CUI categories and subcategories, provides general descriptions for each, identifies the basis for controls, establishes markings, and includes guidance on handling procedures (see https://archives.gov/cui ).
CUI Specified means the subset of CUI for which the authorizing law, regulation, or Governmentwide policy contains specific handling controls that it requires or permits agencies to use and that differ from those for CUI Basic. The CUI Registry indicates which laws, regulations, and Governmentwide policies include such specific requirements.
External service provider means external people, technology, or facilities that an organization utilizes for provision and management of IT and/or cybersecurity services on behalf of the organization.
Federal information system means an information system used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency (40 U.S.C. 11331).
Handle or handling means any use of CUI, including but not limited to accessing, processing, collecting, developing, receiving, transmitting, storing, marking, safeguarding, transporting, disseminating, re-using, and disposing of the information.
Information means any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, electronic, or audiovisual forms (see Office of Management and Budget (OMB) Circular No. A-130, Managing Information as a Strategic Resource).
Information system means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information (44 U.S.C. 3502(8)).
Lawful Government purpose means any activity, mission, function, operation, or endeavor that the Government authorizes or recognizes as within the scope of its legal authorities or the legal authorities of non-executive branch entities such as state and local law enforcement.
Limited dissemination control means any control identified on the CUI Registry that agencies may use to limit or specify CUI dissemination.
On behalf of an agency means a Contractor uses or operates an information system or maintains or collects information for the purpose of processing, storing, or transmitting Federal information, and those activities are not incidental to providing a service or product to the Government.
Unauthorized disclosure means when an authorized holder of CUI intentionally or unintentionally discloses, accesses, or observes CUI without a lawful Government purpose, in violation of restrictions imposed by safeguarding or dissemination controls, or contrary to limited dissemination controls.
(c) Identifying and reporting information the Contractor has evidence indicating the information is potentially CUI.
(1) The Contractor must notify the Contracting Officer within 72 hours of discovery if—
(i) The Contractor discovers any information that the Contractor has knowledge indicating the information is CUI that is not identified in the SF XXX or is not marked or properly marked as required in the SF XXX;
(ii) There is any inconsistency between this clause and an SF XXX incorporated into the contract.
(2) The Contractor must safeguard any information the Contractor has knowledge indicating the information is CUI that is not identified in the SF XXX or is not marked or properly marked as required in the SF XXX until the Contracting Officer makes a determination. If such information is involved in a CUI incident the contractor must also comply with paragraph (e) of this clause.
(3) The Contractor is not entitled to use Government-provided information for its own purposes, whether or not the information is marked as CUI, unless the information is in the public domain, or unless the information was lawfully made available to the Contractor by someone other than the Government.
(4) The Contractor must appropriately identify information the Contractor owns and provides to the Government ( e.g., contractor bid or proposal information, contractor-attributional information, or contractor proprietary business information). The Government will determine in accordance with agency procedures whether the information provided by the Contractor must be handled by the Government as CUI or entitled to other protections by the Government ( e.g., contractor-attributional information associated with a CUI incident).
(d) Handling CUI.
(1) The Contractor must handle CUI that the Government identifies in the SF XXX and ensure handling is consistent with applicable requirements in 32 CFR 2002.14, 32 CFR 2002.16, 32 CFR 2002.18, 32 CFR 2002.20, and SF XXX.
(i) This includes CUI that the Government provides to the Contractor or CUI that the Contractor handles in performance of the contract.
(ii) For CUI located within a Federally-controlled facility, the Contractor must ensure that any Contractor employees handling CUI within Federally-controlled facilities comply with the requirements identified within Part B on the SF XXX.
(iii) For CUI located within a non-Federally-controlled facility, the Contractor must ensure that any Contractor employees handling CUI within the non-Federally-controlled facility comply with the requirements identified in Part C of the SF XXX.
(iv) When information is not identified as CUI, it may be covered Federal information requiring information system security controls in accordance with Federal Acquisition Regulation clause 52.240-5, Covered Federal Information.
(2) The Contractor is not responsible for handling unmarked or mismarked CUI unless doing so is specifically included in the SF XXX, such as when the Contractor generates or develops CUI that has been designated by the Government. For marking required by the SF XXX, the contractor must use the Banner Format and Marking Notes in the CUI Registry to mark the applicable CUI categories using the indicators in the SF XXX.
(3) Contractors operating information systems that access, use, process, store, maintain, or transmit CUI identified in the contract, must implement the following requirements:
(i) When the Contractor is operating an information system identified in the SF XXX as a Federal information system—
(A) The Contractor must comply with agency-identified security requirements from the latest version of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and any CUI Specified requirements identified in the SF XXX; and
(B) If using cloud computing services, the Contractor must comply with agency-identified security requirements, but at no less than the Federal Risk and Authorization Management Program (FedRAMP) Moderate baseline ( https://www.fedramp.gov/rev5/documents-templates/ ).
(ii) When the Contractor is operating a non-Federal information system, except for out-of-scope assets as identified in paragraph (A), the Contractor must comply with the requirements in paragraphs (B) through (F)—
(A) The following assets are out-of-scope:
( 1 ) An endpoint hosting a virtual desktop infrastructure client configured to prevent any processing, storage, or transmission of CUI beyond the keyboard/video/mouse sent to the virtual desktop infrastructure client).
( 2 ) Commercial communications networks that transmit government and non-government information using the same equipment, protocols, and methodologies, without regard to the source or recipient of the information.
(B) Comply with the security requirements of NIST SP 800-171 Revision 3, “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations” (available via the internet at https://dx.doi.org/10.6028/NIST.SP.800-171 ). The organizational defined parameters (ODP) provided at the web page at https://dowcio.war.gov/Portals/0/Documents/CMMC/OrgDefinedParmsNISTSP800-171.pdf must be applied for applicable NIST SP 800-171 Revision 3 security requirements;
(C) Comply with all security requirements for CUI Specified identified by the agency in the SF XXX;
(D) Comply with any requirements from NIST SP 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information, identified by the agency for a critical program or high-value asset. For any requirements in NIST SP 800-172 identified by the agency, the organizational defined parameters (ODP) provided elsewhere in this solicitation, as described in part D of SF XXX, must be applied for applicable security requirements;
(E) Ensure that, if the Contractor uses a cloud service provider to store, process, or transmit any CUI identified in SF XXX—
( 1 ) The cloud computing service provider meets security requirements equivalent to those established by the Government for FedRAMP Moderate baseline ( https://www.fedramp.gov/rev5/documents-templates/ ); and
(2) The additional requirements in paragraph (d)(3)(ii)(D) of this clause are met; and
(F) Make the system security plan available (plan must identify use of any external service provider handling CUI), and any associated plans of action required by NIST SP 800-171, for any planned implementations or mitigations to the Government upon request to demonstrate the Contractor's implementation or planned implementation of the security requirements.
(e) CUI incidents.
(1) For CUI in a Federally-controlled facility, the Contractor must report CUI incidents in accordance with agency policy as specified in the SF XXX.
(2) For CUI in a non-Federally-controlled facility, the Contractor must report any CUI incident (except for any CUI incident involving a FedRAMP authorized cloud computing service provider that is reported in accordance with FedRAMP Incident Communication Procedures) within 72 hours of discovery to https://dibnet.dod.mil for DoD contracts and to CISA for non-DoD contracts at https://www.cisa.gov/reporting-cyber-incident and provide a notification to the contracting officer and next higher tier contractor (if applicable) that a CUI incident report has been submitted.
(i) The contractor must submit in the first report as many of the applicable data elements as identified in the applicable website that are available at the time.
(ii) If the first report does not contain all of the applicable data elements or some of the information changes after the investigation is substantially complete, the contractor must submit a subsequent report containing the updated or new information.
(3) When the Contractor discovers a CUI incident, the Contractor must—
(i) Determine and inventory what CUI was or could have been improperly accessed, created, collected, used, processed, stored, maintained, disseminated, disclosed, or disposed of;
(ii) Construct a timeline of user activity;
(iii) Determine methods and techniques used to access CUI; and
(iv) Cooperate and exchange information with agency officials, as determined necessary by the agency, in order to effectively report and manage a CUI incident.
(4) If the CUI incident has occurred on an information system, preserve and protect available images of all known affected information systems and all relevant monitoring and packet capture data until the Government declines interest or 90 days from the date of the submission of the report passes without the Government requesting the media and data, whichever is sooner.
(5) The reporting requirements of this clause do not relieve the Contractor from the requirement to follow any applicable laws, regulations, or policies outside of this clause.
(f) Resolving Conflicts with Other Laws or Regulations. Contractors must notify the contracting officer within 72 hours of determining that they are not able to comply with any of the requirements in this clause due to conflict with another law or regulation.
(g) Subcontracts. The Contractor must include in each subcontract at any tier under this contract that will require access to or the ability to access CUI identified in the SF XXX, Controlled Unclassified Information (CUI) Requirements, including those for commercial products (other than those for commercially available off-the-shelf items) or commercial services—
(1) The substance of this clause, including this paragraph (g), without alteration except to identify the parties; and
(2) Any applicable information within the SF XXX to indicate to the subcontractor what CUI applies to the subcontract.
(End of clause)
24. Remove and reserve sections 52.252-1 and 52.252-2.
25. Revise sections 52.252-3 through 52.252-6 to read as follows:
As prescribed in 52.107(a), insert the following provision:
Alterations in Solicitation (DATE)
Portions of this solicitation are altered as follows: ___
(End of provision)
As prescribed in 52.107(b), insert the following clause:
Alterations in Contract (DATE)
Portions of this contract are altered as follows: ___
(End of clause)
As prescribed in 52.107(c), insert the following provision:
Authorized Deviations in Provisions (DATE)
(a) The use in this solicitation of any Federal Acquisition Regulation (48 CFR chapter 1) provision with an authorized deviation is indicated by the addition of (DEVIATION) after the date of the provision.
(b) The use in this solicitation of any __ [insert regulation name] (48 CFR chapter __) provision with an authorized deviation is indicated by the addition of (DEVIATION) after the name of the regulation.
(End of provision)
As prescribed in 52.107(d), insert the following clause:
Authorized Deviations in Clauses (DATE)
(a) The use in this solicitation or contract of any Federal Acquisition Regulation (48 CFR Chapter 1) clause with an authorized deviation is indicated by the addition of (DEVIATION) after the date of the clause.
(b) The use in this solicitation or contract of any __ [insert regulation name] (48 CFR __) clause with an authorized deviation is indicated by the addition of (DEVIATION) after the name of the regulation.
(End of clause)
26. Remove and reserve section 52.253-1.
Subpart 52.3 [Removed and Reserved]
27. Remove and reserve subpart 52.3, consisting of section 52.300 and 52.301.
PART 53 [Removed and Reserved]
28. Remove and reserve part 53, consisting of sections 53.000, 53.001, subparts 53.1, 53.2, and 53.3.
[FR Doc. 2026-12559 Filed 6-22-26; 8:45 am]
BILLING CODE 6820-EP-P