E

Defense Federal Acquisition Regulation Supplement Subparts Addressing SCRM

The following are the current Defense Federal Acquisition Regulations Supplement (DFARS) subparts that address supply chain risk management (SCRM) concerns, including reporting cyber incidents, counterfeits, and suppliers. These clauses should be considered for all Department of Defense (DoD) and U.S. Air Force (USAF) statement of work, request for proposal, and procurement agreements to inform and define expectations of supplier requirements in assuring product and service integrity. These clauses, and reforms like these, are fully compliant with the “full and open disclosure” clause (DFARS Subpart 6) required for fair competition.¹

1. Subpart 204.7, Safeguarding Covered Defense Information and Cyber Incident Reporting, October 21, 2016.
   1. 1.1. Subpart 252.204-7008 (Provision), Compliance with Safeguarding Covered Defense Information Controls, October 2016.
   2. 1.2. Subpart 252.204-7009 (Clause), Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information, October 2016.
   3. 1.3. Subpart 252.204-7012 (Clause), Safeguarding Covered Defense Information and Cyber Incident Reporting, October 2016.
   4. 1.4. Subpart 252.227-7013 (Clause), Rights in Technical Data-Non-Commercial Items, February 2014.

___________________

¹ Revision dates included when available.

2. 1. 1.4.1. Subpart 252.204-7014 (Clause), Limitations on the Use or Disclosure of Information by Litigation Support Contractors, May 2016.
   2. 1.4.2. Subpart 252.227-7025 (Clause), Limitations on the Use or Disclosure of Government-Furnished Information Marked with Restrictive Legends, May 2014.
   3. 1.4.3. Subpart 252.227-7103-7 (Clause), Use and Non-disclosure Agreement.
3. Subpart 211.274, Item Identification and Valuation Requirements, June 7, 2016.
   1. 2.1. Subpart 252.211-7003 (Clause), Item Unique Identification and Valuation, March 2016.
   2. 2.2. Subpart 252.211-7007 (Clause), Reporting of Government-Furnished Property, August 2012.
   3. 2.3. Subpart 252.211-7008 (Clause), Use of Government-Assigned Serial Numbers, September 2010.
4. Subpart 231.205-71, Costs Related to Counterfeit Electronic Parts and Suspect Counterfeit Electronic Parts, November 4, 2016.
   1. 3.1.1. Subpart 204.303 (Clause), Extent of Review.
   2. 3.1.2. Subpart 252.246-7007 (Clause), Contractor Counterfeit Electronic Part Detection and Avoidance System, August 2016.
5. Subpart 239.73, Requirements for Information Relating to Supply Chain Risk, October 30, 2015.
   1. 4.1. Subpart 239.7301, Definitions, February 2019.
      1. 4.1.1. Subpart 208.405, Ordering Procedures for Federal Supply Schedules, June 2018.
      2. 4.1.2. Subpart 208.7402, General (Enterprise Software Agreements Section), October 2015.
      3. 4.1.3. Subpart 212.301, Acquisition of Commercial Items, April 2019.
      4. 4.1.4. Subpart 213.106-1, Soliciting Competition, March 2018.
      5. 4.1.5. Subpart 214.201-5, Part IV Solicitation of Bids, June 2018.
      6. 4.1.6. Subpart 214.503-1, Step 1 Two-Step Sealed Bidding, October 2015.
      7. 4.1.7. Subpart 215.304-5 (v), Evaluation Factors, February 2019.
      8. 4.1.8. Subpart 244.201-1, Consent Requirements, April 2019.
   2. 4.2. Subpart 239.7302, Applicability, February 2019.
   3. 4.3. Subpart 239.7303, Authorized Individuals, February 2019.
   4. 4.4. Subpart 239.7304, Determination and Notification, February 2019.
   5. 4.5. Subpart 239.7305, Exclusion and Limitation on Disclosure, February 2019.

5. 1. 4.6. Subpart 239.7306, Solicitation Provision and Contract Clause, February 2019.
      1. 4.6.1. Subpart 252.239-7017 (Clause), Notice of Supply Chain Risk, November 2013.
      2. 4.6.2. Subpart 252.239-7018 (Clause), Supply Chain Risk, October 2015.
6. Subpart 246.870, Contractors’ Counterfeit Electronic Part Detection and Avoidance Systems, October 21, 2016.
   1. 5.1. Subpart 246.870-1, Definition of “Authorized Supplier,” May 2018.
      1. 5.1.1. Subpart 252.246-7007 (Clause), Contractor Counterfeit Electronic Part Detection and Avoidance System, August 2016.
   2. 5.2. Subpart 246.870-2, Policy, May 2018.
      1. 5.2.1. Subpart 252.246-7008 (Clause), Sources of Electronic Parts, May 2018.
      2. 5.2.2. Subpart 231.205-71 (Clause), Costs Related to Counterfeit Electronic Parts and Suspect Counterfeit Electronic Parts, August 2018.
      3. 5.2.3. Subpart 252.244-7001 (Clause), Contractor Purchasing System Administration.
   3. 5.3. Subpart 246.870-3, Contract Clauses, May 2014.
      1. 5.3.1. Subpart 252.246-7007 (Clause), Contractor Counterfeit Electronic Part Detection and Avoidance System, August 2016.
      2. 5.3.2. Subpart 252.246-7008 (Clause), Sources of Electronic Parts, May 2018.
         1. 5.3.2.1. Subpart 252.251-7000 (Clause), Ordering from Government Supply Sources, August 2012.