DFARS 252.246-7007 Contractor Counterfeit Electronic Part Detection and Avoidance System. Basic (Jan 2023) (Current)

As prescribed in 246.870-3(a),

(1)  Except as provided in paragraph (a)(2) of this section, use the clause at 252.246-7007, Contractor Counterfeit Electronic Part Detection and Avoidance System, in solicitations and contracts when procuring—

                    (i)  Electronic parts;

                    (ii)  End items, components, parts, or assemblies containing electronic parts; or

                    (iii)  Services where the contractor will supply electronic parts or components, parts, or assemblies containing electronic parts as part of the service.

              (2)  Do not use the clause in solicitations and contracts that are set aside for small business.
 

CONTRACTOR COUNTERFEIT ELECTRONIC PART DETECTION AND AVOIDANCE SYSTEM (JAN 2023)

The following paragraphs (a) through (e) of this clause do not apply unless the Contractor is subject to the Cost Accounting Standards under 41 U.S.C. chapter 15, as implemented in regulations found at 48 CFR 9903.201-1.

      (a)  Definitions.  As used in this clause—

      “Authorized aftermarket manufacturer” means an organization that fabricates a part under a contract with, or with the express written authority of, the original component manufacturer based on the original component manufacturer’s designs, formulas, and/or specifications.

      “Authorized supplier” means a supplier, distributor, or an aftermarket manufacturer with a contractual arrangement with, or the express written authority of, the original manufacturer or current design activity to buy, stock, repackage, sell, or distribute the part.

      “Contract manufacturer” means a company that produces goods under contract for another company under the label or brand name of that company.

      “Contractor-approved supplier” means a supplier that does not have a contractual agreement with the original component manufacturer for a transaction, but has been identified as trustworthy by a contractor or subcontractor.

      “Counterfeit electronic part” means an unlawful or unauthorized reproduction, substitution, or alteration that has been knowingly mismarked, misidentified, or otherwise misrepresented to be an authentic, unmodified electronic part from the original manufacturer, or a source with the express written authority of the original manufacturer or current design activity, including an authorized aftermarket manufacturer. Unlawful or unauthorized substitution includes used electronic parts represented as new, or the false identification of grade, serial number, lot number, date code, or performance characteristics.

      “Electronic part” means an integrated circuit, a discrete electronic component (including, but not limited to, a transistor, capacitor, resistor, or diode), or a circuit assembly (section 818(f)(2) of Pub. L. 112-81).

      “Obsolete electronic part” means an electronic part that is no longer available from the original manufacturer or an authorized aftermarket manufacturer.

      "Original component manufacturer" means an organization that designs and/or engineers a part and is entitled to any intellectual property rights to that part.

      “Original equipment manufacturer” means a company that manufactures products that it has designed from purchased components and sells those products under the company's brand name.

      “Original manufacturer” means the original component manufacturer, the original equipment manufacturer, or the contract manufacturer.

      “Suspect counterfeit electronic part” means an electronic part for which credible evidence (including, but not limited to, visual inspection or testing) provides reasonable doubt that the electronic part is authentic.

      (b)  Acceptable counterfeit electronic part detection and avoidance system.  The Contractor shall establish and maintain an acceptable counterfeit electronic part detection and avoidance system. Failure to maintain an acceptable counterfeit electronic part detection and avoidance system, as defined in this clause, may result in disapproval of the purchasing system by the Contracting Officer and/or withholding of payments and affect the allowability of costs of counterfeit electronic parts or suspect counterfeit electronic parts and the cost of rework or corrective action that may be required to remedy the use or inclusion of such parts (see DFARS 231.205-71).

      (c)  System criteria.  A counterfeit electronic part detection and avoidance system shall include risk-based policies and procedures that address, at a minimum, the following areas:

              (1)  The training of personnel.

              (2)  The inspection and testing of electronic parts, including criteria for acceptance and rejection. Tests and inspections shall be performed in accordance with accepted Government- and industry-recognized techniques. Selection of tests and inspections shall be based on minimizing risk to the Government. Determination of risk shall be based on the assessed probability of receiving a counterfeit electronic part; the probability that the inspection or test selected will detect a counterfeit electronic part; and the potential negative consequences of a counterfeit electronic part being installed (e.g., human safety, mission success) where such consequences are made known to the Contractor.

              (3)  Processes to abolish counterfeit parts proliferation.

              (4)  Risk-based processes that enable tracking of electronic parts from the original manufacturer to product acceptance by the Government, whether the electronic parts are supplied as discrete electronic parts or are contained in assemblies, in accordance with paragraph (c) of the clause at 252.246-7008, Sources of Electronic Parts (also see paragraph (c)(2) of this clause).

              (5)  Use of suppliers in accordance with the clause at 252.246-7008.

              (6)  Reporting and quarantining of counterfeit electronic parts and suspect counterfeit electronic parts. Reporting is required to the Contracting Officer and to the Government-Industry Data Exchange Program (GIDEP) when the Contractor becomes aware of, or has reason to suspect that, any electronic part or end item, component, part, or assembly containing electronic parts purchased by the DoD, or purchased by a Contractor for delivery to, or on behalf of, the DoD, contains counterfeit electronic parts or suspect counterfeit electronic parts. Counterfeit electronic parts and suspect counterfeit electronic parts shall not be returned to the seller or otherwise returned to the supply chain until such time that the parts are determined to be authentic.

              (7)  Methodologies to identify suspect counterfeit parts and to rapidly determine if a suspect counterfeit part is, in fact, counterfeit.

              (8)  Design, operation, and maintenance of systems to detect and avoid counterfeit electronic parts and suspect counterfeit electronic parts. The Contractor may elect to use current Government- or industry-recognized standards to meet this requirement.

              (9)  Flow down of counterfeit detection and avoidance requirements, including applicable system criteria provided herein, to subcontractors at all levels in the supply chain that are responsible for buying or selling electronic parts or assemblies containing electronic parts, or for performing authentication testing.

              (10)  Process for keeping continually informed of current counterfeiting information and trends, including detection and avoidance techniques contained in appropriate industry standards, and using such information and techniques for continuously upgrading internal processes.

              (11)  Process for screening GIDEP reports and other credible sources of counterfeiting information to avoid the purchase or use of counterfeit electronic parts.

              (12)  Control of obsolete electronic parts in order to maximize the availability and use of authentic, originally designed, and qualified electronic parts throughout the product’s life cycle.

      (d)  Government review and evaluation of the Contractor’s policies and procedures will be accomplished as part of the evaluation of the Contractor’s purchasing system in accordance with 252.244-7001, Contractor Purchasing System Administration--Basic, or Contractor Purchasing System Administration--Alternate I.

      (e)  Subcontracts.  The Contractor shall include the substance of this clause, excluding the introductory text and including only paragraphs (a) through (e), in subcontracts, including subcontracts for commercial products, for electronic parts or assemblies containing electronic parts.

(End of clause)
 

    (e)  Subcontracts.  The Contractor shall include the substance of this clause, excluding the introductory text and including only paragraphs (a) through (e), in subcontracts, including subcontracts for commercial products, for electronic parts or assemblies containing electronic parts.

Mandatory (Exception);
Services ✖ Applies when electronic parts or assemblies containing electronic parts are required. Applies only to CAS-covered contractors. Doesn't apply to small business set-asides.

52.204-21 Basic Safeguarding of Covered Contractor Information Systems.

52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities.

52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities.

252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements.

252.204-7020 NIST SP 800-171 DoD Assessment Requirements.

252.204-7018 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services.

252.204-7017 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services-Representation.

252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting.

252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements.

252.204-7020 NIST SP 800-171 DoD Assessment Requirements.

252.239-7010 Cloud Computing Services.

252.239-7017 Notice of Supply Chain Risk.

252.239-7018 Supply Chain Risk.

252.239-7010 Cloud Computing Services.

252.204-7009 Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information.

252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting.

252.204-7018 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services

252.204-7020 NIST SP 800-171 DoD Assessment Requirements.

252.204-7021 Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement.

3052.204-70 Security requirements for unclassified information technology resources.

3052.204-71 Contractor employee access.

3052.204-71 Contractor employee access.

552.204-9 Personal Identity Verification Requirements.

552.204-9 Personal Identity Verification Requirements.

552.238-110 Commercial Satellite Communication (COMSATCOM) Services.

552.204-9 Personal Identity Verification Requirements.

752.204-72 Access to USAID facilities and USAID's information systems.

952.204-77 Computer security.

952.223-76 Conditional payment of fee or profit-safeguarding restricted data and other classified information and protection of worker safety and health.

970.5203-1 Management controls.

970.5204-1 Counterintelligence.

970.5204-3 Access to and ownership of records.

52.204-21 Basic Safeguarding of Covered Contractor Information Systems.

52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities.

52.204-28 Federal Acquisition Supply Chain Security Act Orders-Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts.

52.204-29 Federal Acquisition Supply Chain Security Act Orders-Representation and Disclosures.

52.204-30 Federal Acquisition Supply Chain Security Act Orders-Prohibition.

52.204-27 Prohibition on a ByteDance Covered Application.

252.204-7016 Covered Defense Telecommunications Equipment or Services-Representation.

252.204-7017 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services—Representation.

252.204-7018 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services.

252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements.

252.204-7020 NIST SP 800-171 DoD Assessment Requirements.

252.204-7021 Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement.

252.204-7000 Disclosure of Information.

252.204-7008 Compliance with Safeguarding Covered Defense Information Controls.

252.204-7009 Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information.

252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting.

252.239-7000 Protection Against Compromising Emanations.

252.239-7009 Representation of Use of Cloud Computing.

252.239-7010 Cloud Computing Services.

252.239-7017 Notice of Supply Chain Risk.

252.239-7018 Supply Chain Risk.

252.245-7000 Government-Furnished Mapping, Charting, and Geodesy Property.

1852.246-74 Contractor Counterfeit Electronic Part Detection and Avoidance

3052.204-72 Safeguarding of Controlled Unclassified Information.

3052.204-73 Notification and Credit Monitoring Requirements for Personally Identifiable Information Incidents.

3052.204-71 Contractor employee access.

552.204-9 Personal Identity Verification Requirements.

552.239-70 Information Technology Security Plan and Security Authorization.

552.239-71 Security Requirements for Unclassified Information Technology Resources.

552.238-110 Commercial Satellite Communication (COMSATCOM) Services.

652.239-70 Information Technology Security Plan and Accreditation.

652.239-71 Security Requirements for Unclassified Information Technology Resources.

752.204-72 Access to USAID facilities and USAID's information systems.

752.239-70 Information Technology Authorization.

752.239-72 USAID-Financed Project Websites.

752.227-71 Planning, Collection, and Submission of Digital Information to USAID.

952.204-78 DOE Directives.

970.5203-1 Management controls.

970.5204-3 Access to and ownership of records.

952.204-77 Computer security.

Working with a set of FAR clauses from an RFP or contract?

Try pasting them into our tool to instantly generate a risk profile, including the basic flow down recommendation.

Info

Works best with Chrome and Edge browsers!