2023-21320. Federal Acquisition Regulation: Implementation of Federal Acquisition Supply Chain Security Act (FASCSA) Orders
-
Start Preamble
AGENCY:
Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA).
ACTION:
Interim rule.
SUMMARY:
DoD, GSA, and NASA are issuing an interim rule amending the Federal Acquisition Regulation (FAR) to implement supply chain risk information sharing and exclusion or removal orders consistent with the Federal Acquisition Supply Chain Security Act of 2018 and a final rule issued by the Federal Acquisition Security Council.
DATES:
Effective date: December 4, 2023.
Applicability: The FAR changes apply to solicitations issued on or after December 4, 2023 in accordance with FAR 1.108(d).
For existing indefinite delivery contracts only, contracting officers shall modify them, in accordance with FAR 1.108(d), to include the FAR clause at 52.204–30, Federal Acquisition Supply Chain Security Act Orders-Prohibition (including any applicable alternate) within 6 months of December 4, 2023, to apply to future orders. However, for Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts, if the FASCSA orders are going to be applied at the order level, then FAR clause 52.204–28 should be included instead, within 6 months of December 4, 2023.
If exercising an option or modifying an existing contract or task or delivery order to extend the period of performance, contracting officers shall include the FAR clause at 52.204–30, Federal Acquisition Supply Chain Security Act Orders-Prohibition (including any applicable alternate). When exercising an option, agencies should consider modifying the existing contract to add the clause in a sufficient amount of time to both provide notice for exercising the option and to provide contractors with adequate time to comply with the clause.
Comment date: Interested parties should submit written comments to the Regulatory Secretariat Division at the address shown below on or before December 4, 2023 to be considered in the formation of the final rule.
ADDRESSES:
Submit comments in response to FAC 2023–06, FAR Case 2020–011 to the Federal eRulemaking portal at https://www.regulations.gov by searching for “FAR Case 2020–011”. Select the link “Comment Now” that corresponds with FAR Case 2020–011. Follow the instructions provided on the “Comment Now” screen. Please include your name, company name (if any), and “FAR Case 2020–011” on your attached document. If your comment cannot be submitted using https://www.regulations.gov, call or email the points of contact in the FOR FURTHER INFORMATION CONTACT section of this document for alternate instructions.
Instructions: Please submit comments only and cite “FAR Case 2020–011” in all correspondence related to this case. Comments received generally will be posted without change to https://www.regulations.gov, including any personal and/or business confidential information provided. Public comments may be submitted as an individual, as an organization, or anonymously (see frequently asked questions at https://www.regulations.gov/faq). To confirm receipt of your comment(s), please check https://www.regulations.gov, approximately two to three days after submission to verify posting.
Start Further InfoFOR FURTHER INFORMATION CONTACT:
For clarification of content, contact Ms. Marissa Ryba, Procurement Analyst, at 314–586–1280 or by email at Marissa.Ryba@gsa.gov. For information pertaining to status, publication schedules, or alternate instructions for submitting comments if https://www.regulations.gov cannot be used, contact the Regulatory Secretariat Division at 202–501–4755 or GSARegSec@gsa.gov. Please cite FAC 2023–06, FAR Case 2020–011.
End Further Info End Preamble Start Supplemental InformationSUPPLEMENTARY INFORMATION:
I. Background
This interim rule revises the FAR to implement section 202 of the Federal Acquisition Supply Chain Security Act of 2018 (Title II of the SECURE Technology Act, Pub. L. 115–390, Dec. 21, 2018), and a final rule issued by the Federal Acquisition Security Council (FASC) (August 26, 2021, 86 FR 47581, effective September 27, 2021).
Foreign adversaries are increasingly creating and exploiting vulnerabilities in information and communications technology to commit malicious cyber-enabled actions, including economic and industrial espionage against the United States and its citizens. Vulnerabilities may be introduced during any phase of the product or service life cycle, including: design, development and production, distribution, acquisition and deployment, maintenance, and disposal. These vulnerabilities can include the incorporation of malicious software, hardware, and counterfeit components; flawed product designs; and poor manufacturing processes and maintenance procedures.
The U.S. Government's efforts to evaluate threats to and vulnerabilities in supply chains have historically been undertaken by individual or small groups of agencies to address specific supply chain security risks. Because of the scale of supply chain risks faced by Government agencies, and the need for better coordination among a broader group of agencies, there was an organized effort within the Executive Start Printed Page 69504 branch to support Congressional efforts in 2018 to pass new legislation to improve Executive branch coordination, supply chain information sharing, and actions to address supply chain risks.
Title II of the SECURE Technology Act, also referred to as the Federal Acquisition Supply Chain Security Act of 2018, established the Federal Acquisition Security Council (FASC) and authorized it to perform a variety of functions, including making recommendations for orders that would require the removal of covered articles from executive agency information systems or the exclusion of sources or covered articles from executive agency procurement actions. The FASC is an Executive branch interagency council, which is chaired by a senior-level official from the Office of Management and Budget (OMB). The FASC includes representatives from GSA; Department of Homeland Security (DHS); Office of the Director of National Intelligence; DoD; Department of Justice (DOJ); and Department of Commerce (Commerce).
The FASC issued a final rule adding 41 CFR part 201–1, which implements the Federal Acquisition Supply Chain Security Act of 2018 requirements. The FASC final rule establishes procedures that govern the operation of the FASC, the sharing of supply chain risk information, the exercise of its authorities to recommend issuance of orders requiring removal of covered articles from information systems (removal orders), and orders excluding sources or covered articles from future procurements (exclusion orders) that pose a risk to our nation's supply chain. This rule refers to both exclusion and removal orders as “FASCSA orders”.
Under the FASC final rule, the FASC will evaluate sources and/or covered articles by addressing a common set of non-exclusive factors that are listed in the FASC final rule. Initiation of the process can begin either by referral of the FASC or any member of the FASC; upon the written request of any U.S. Government body; or based on information submitted to the FASC by any individual or non-Federal entity that the FASC determines to be credible.
The FASC will conduct appropriate due diligence regarding the information that it is considering. If the FASC does not find that recommending a removal or exclusion order is warranted, risk information received and analyzed by the FASC may be shared, as appropriate, in accordance with the FASC final rule. If the FASC decides to issue a recommendation, that recommendation will provide relevant information and analysis for the Secretary of Homeland Security, the Secretary of Defense, and/or the Director of National Intelligence (DNI), as appropriate, to consider when deciding whether to issue a FASCSA order.
Executive agencies must share relevant supply chain risk information. DHS, acting primarily through the Cybersecurity and Infrastructure Security Agency (CISA), is the information sharing agency (ISA), which will share and disseminate information within the FASC, and other Federal and non-Federal entities, as appropriate.
Collectively, the information sharing requirements and implementation of FASCSA orders will address risks in supply chains by reducing or removing threats and vulnerabilities that may lead to data and intellectual property theft, damage to critical infrastructure, harm to Federal information systems, and otherwise degrade our national security. This rule will also help make Government supply chains and information systems more resilient and less subject to disruptions that could impact Government operations.
II. Discussion and Analysis
A. Overview of Rule
This interim rule implements within the FAR the requirements of the Federal Acquisition Supply Chain Security Act of 2018 and the Federal Acquisition Security Council (FASC) final rule for complying with exclusion or removal orders and sharing certain supply chain risk information. Once an order recommended by the FASC is issued by the Secretary of Homeland Security, the Secretary of Defense, and/or the Director of National Intelligence, affected Executive agencies are required to implement the order.
As referred to in this rule, the term FASCSA order may refer to either an exclusion order or removal order. An exclusion order is applicable during the process for awarding a new contract or task or delivery order, as it excludes from the offered supplies or services any products or services subject to a FASCSA order. A removal order requires removal of any products or services from an executive agency information system subject to a FASCSA order. In some instances, a contracting officer may incorporate a contract term to require compliance with a FASCSA order issued after award via a modification that incorporates FAR clause 52.204–28, Federal Acquisition Supply Chain Security Act Orders-Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts, or FAR clause 52.204–30, Federal Acquisition Supply Chain Security Act Orders-Prohibition.
As a result of this interim rule, contracting officers will now have established procedures to implement FASCSA orders in existing and new Federal contracts and to share relevant information on potential supply chain risk. These procedures reduce exploitations of vulnerabilities, in turn making the supply chain more resilient.
Contractors and offerors will also play a key role in this process by remaining current on FASCSA orders identified in the solicitation and contract. When an offeror submits a new offer in response to a contract solicitation containing the new requirement, the offeror will represent, after conducting a reasonable inquiry, that the offeror does not propose to provide or use any prohibited covered articles or products or services subject to a FASCSA order. These measures are necessary to build resilience in Government supply chains. Further procedures allow an offeror to disclose where they cannot comply with a FASCSA order. The purpose for this disclosure is so that the Government may decide whether to pursue a waiver.
Throughout contract performance, contractors will be required to report to the contracting officer once they become aware that a covered article or product or service subject to a FASCSA order has been delivered to the Government or used in performance of the contract. This reporting requirement applies not just to FASCSA orders incorporated into the contract, but also to new FASCSA orders issued after contract award or added to the contract through modification. Reporting this information to the contracting officer will provide the Government the needed information to assess the risk and make a determination on how to proceed.
B. Part 1 Updates
The OMB control number for the new information collection required by this interim rule is being added to FAR 1.106.
C. Part 4 Updates
A new FAR subpart 4.23 titled Federal Acquisition Security Council is being added to implement requirements for FASCSA orders and supply chain risk information sharing.
FAR 4.2301 provides definitions in accordance with the FASC final rule.
FAR 4.2302 requires the contracting officer to work with the cognizant program office or requiring activity in accordance with agency procedures to share relevant supply chain risk information with the FASC if there is a reasonable basis to conclude there exists Start Printed Page 69505 a substantial supply chain risk associated with a source or covered article.
FAR 4.2303 identifies the requirements for Executive agencies to implement FASCSA orders when they are issued by the Secretary of Homeland Security, the Secretary of Defense, or the Director of National Intelligence. FASCSA orders for sources or covered articles will be searchable within the System for Award Management (SAM) to make it easier for contractors and Government to identify the products and services subject to a FASCSA order; however, in rare cases additional FASCSA orders, not identified in SAM, will be identified in the solicitation.
If a covered article or the source is subject to a Governmentwide FASCSA order, this section directs Executive agencies responsible for management of the Federal Supply Schedules, Governmentwide acquisition contracts, and multi-agency contracts to remove the covered articles or sources identified in the FASCSA order from such contracts.
FAR 4.2304 provides the procedures for a contracting officer to follow when completing the clause at FAR 52.204–30 identifying applicable FASCSA orders and when a solicitation or contract may be updated to incorporate additional FASCSA orders. In the rare case when a FASCSA order is identified outside of SAM, Executive agencies must follow agency procedures.
Additional specific procedures are outlined for Federal Supply Schedules, Governmentwide acquisition contracts, multi-agency contracts or any other procurement instrument intended for use by multiple agencies. An agency awarding this type of vehicle may decide to apply FASCSA orders in the basic contract or the task order or delivery order.
This section further provides the contracting officer with procedures to determine whether to pursue a waiver, how to identify a full or partial waiver in the solicitation, and who to work with when a contractor submits a report identifying covered articles or sources subject to a FASCSA order.
FAR 4.2305 identifies the procedures for an agency to submit a waiver request that includes all necessary information for the official who issued the FASCSA order (issuing official) to review and evaluate the request, including alternative mitigations to the risks addressed by the order and the ability of an agency to fulfill its mission critical functions. Agencies may reasonably choose not to pursue a waiver and to make award to an offeror that does not require a waiver in accordance with the procedures at 4.2304.
FAR 4.2306 prescribes new provision at FAR 52.204–29, Federal Acquisition Supply Chain Security Act Orders-Representation and Disclosures, and two new clauses, FAR 52.204–28, Federal Acquisition Supply Chain Security Act Orders-Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts, and FAR 52.204–30, Federal Acquisition Supply Chain Security Act Orders-Prohibition.
The terms “covered article” and “covered entity” in FAR 4.2001 and the clause at FAR 52.204–23 are updated to “Kaspersky Lab covered article” and “Kaspersky Lab covered entity” to avoid confusion with the definition of a covered article excluded or removed under the authority of an issuing official. The definition of “Kaspersky Lab covered entity” was updated to reference the recently adopted name Kaspersky.
D. Part 9 Updates
Clarification is added at FAR 9.400 that FASCSA orders are covered at FAR subpart 4.23. FAR subpart 9.4 covers debarment and suspension, and exclusions.
E. Part 13 Updates
FAR 13.201 is updated to include the prohibition on covered articles and sources subject to a FASCSA order for micro-purchases.
F. Part 39 Updates
The prohibition is being added to FAR 39.101 to ensure members of the acquisition workforce working on information technology procurements are aware of the prohibition.
G. Part 52 Updates
In addition to the name changes discussed in Part 4, the clause at FAR 52.204–23 is updated to change the reporting time frame for the initial report from 1 business day to 3 business days to align with the reporting time frame at FAR 52.204–30(c)(4) and provide sufficient time for contractors to submit a report.
The new provision at FAR 52.204–29, Federal Acquisition Supply Chain Security Act Orders-Representation and Disclosures, is added prohibiting contractors from providing any covered article, or any products or services produced or provided by a source, including contractor use of covered articles or sources, if the covered article or the source is subject to an applicable FASCSA order identified in the clause at FAR 52.204–30(b)(1). Contractors must search for FASCSA orders in SAM. To locate the FASCSA orders in SAM, contractors can search by entity information using the search term “FASCSA order” to locate all FASCSA orders or only those that apply to the solicitation. Details about the FASCSA orders will be in the additional comments field. FASCSA orders issued after the date of solicitation are not effective unless the solicitation is amended. In rare cases, a FASCSA order may be identified in the solicitation, and not in SAM.
By submitting an offer, an offeror is representing that it has conducted a reasonable inquiry and is not providing any covered article, or any products or services subject to an applicable FASCSA order identified in the solicitation at FAR 52.204–30(b)(1). If an offeror cannot represent compliance with the prohibition, then the offeror must disclose this and provide the required information in accordance with 52.204–29(e). The Government will use this information to determine whether to seek a waiver or may choose to make an award to an offeror that does not require a waiver.
The new clause at FAR 52.204–28, Federal Acquisition Supply Chain Security Act Orders-Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts, provides contractors with notice that FASCSA orders will be identified in the request for quote or in the notice of intent to place an order. Contractors will be able to identify applicable FASCSA orders in paragraph (b)(1) of FAR 52.204–30, Federal Acquisition Supply Chain Security Act Orders-Prohibition with its Alternate II. Contractors will also be required to remove from the basic contract any covered article or any product or service produced or provided by a source subject to a FASCSA order issued collectively by DHS, DoD, and DNI.
The new clause at FAR 52.204–30, Federal Acquisition Supply Chain Security Act Orders-Prohibition, prohibits contractors from providing any covered article, or any products or services produced or provided by a source, if the covered article or the source is subject to an applicable FASCSA order identified in paragraph (b). In most cases, for solicitations and contracts awarded by DoD, DoD FASCSA orders will apply; and for all other solicitations and contracts, DHS FASCSA orders will apply. The clause, when used with its Alternate I, identifies a different construct for paragraph (b) allowing the contracting officer to select the applicable FASCSA orders ( i.e. DoD FASCSA order, DHS Start Printed Page 69506 FASCSA order, DNI FASCSA order). The clause at FAR 52.204–30 also requires the contractor to review SAM at least once every three months or as advised by the contracting officer, and provide a report in the event the contractor identifies that a covered article, or product or service produced or provided by a source, that is subject to a FASCSA order, was provided to the Government or used during contract performance; or the contractor is notified of such by a subcontractor at any tier or by any other means. The clause, when used with its Alternate II is for Federal Supply Schedules, Governmentwide acquisition contracts and multi-agency contracts when FASCSA orders are applied at the order level.
FAR 52.212–5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders-Commercial Products and Commercial Services, FAR 52.213–4, Terms and Conditions-Simplified Acquisitions (Other Than Commercial Products and Commercial Services), and FAR 52.244–6, Subcontracts for Commercial Products and Commercial Services are updated to add the requirements of FAR 52.204–30, Federal Acquisition Supply Chain Security Act Orders-Prohibition.
III. Specific Questions For Comment
DoD, GSA, and NASA welcome input on the following questions regarding anticipated impact on affected parties.
- What additional information or guidance do you view as necessary to effectively comply with this interim rule?
- What challenges do you anticipate facing in effectively complying with this interim rule?
IV. Applicability to Contracts at or Below the Simplified Acquisition Threshold (SAT) and for Commercial Products, (Including Commercially Available Off-the-Shelf (COTS) Items), or for Commercial Services
This interim rule adds a new contract clause at FAR 52.204–28, Federal Acquisition Supply Chain Security Act Orders-Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts. The clause is prescribed at FAR 4.2306(a) and is required in the basic solicitation and resultant contract for all Federal Supply Schedules, Governmentwide acquisition contracts, and multi-agency contracts when FASCSA orders are contemplated to be applied at the task or delivery order level. The clause will apply to acquisitions valued at or below the SAT; acquisitions of commercial products, including COTS items; and acquisition of commercial services.
This interim rule adds a new provision at FAR 52.204–29, Federal Acquisition Supply Chain Security Act Orders-Representation and Disclosures. The provision is prescribed at FAR 4.2306(b) and is for use in all solicitations for contracts, except that for Federal Supply Schedules, Governmentwide acquisition contracts and multi-agency contracts the clause will be inserted in all solicitations for contracts if FASCSA orders apply at the contract level. The provision will apply to acquisitions valued at or below the SAT; acquisitions of commercial products, including COTS items; and acquisition of commercial services.
This interim rule adds a new contract clause at FAR 52.204–30, Federal Acquisition Supply Chain Security Act Orders-Prohibition, including the clause with its Alternate I and Alternate II. The clause is prescribed at FAR 4.2306(c) for use in all solicitations and contracts, except that for Federal Supply Schedules, Governmentwide acquisition contracts, and multi-agency contracts where FASCSA orders are applied at the contract level, the clause must be used with its Alternate I in all solicitations and resultant contracts; or, if FASCSA orders are applied at the order level, the clause shall be used with its Alternate II in all requests for quotations, or in all notices of intent to place an order. The clause will apply to acquisitions valued at or below the SAT; acquisitions of commercial products, including COTS items; and acquisition of commercial services. The above provision and clauses are necessary to implement FASCSA orders authorized by the Federal Acquisition Supply Chain Security Act of 2018 and the Federal Acquisition Supply Chain Security Act final rule.
A. Applicability to Contracts at or Below the Simplified Acquisition Threshold
41 U.S.C. 1905 governs the applicability of laws to acquisitions at or below the SAT. Section 1905 generally limits the applicability of new laws when agencies are making acquisitions at or below the SAT, but provides that such acquisitions will not be exempt from a provision of law under certain circumstances, including when the Federal Acquisition Regulatory Council (FAR Council) makes a written determination and finding that it would not be in the best interest of the Federal Government to exempt contracts and subcontracts in amounts not greater than the SAT from the provision of law. The FAR Council has made a determination to apply this statute to acquisitions at or below the SAT.
B. Applicability to Contracts for the Acquisition of Commercial Products and Commercial Services, Including Commercially Available Off-the-Shelf (COTS) Items
41 U.S.C. 1906 governs the applicability of laws to contracts for the acquisition of commercial products and commercial services and is intended to limit the applicability of laws to contracts for the acquisition of commercial products and commercial services. Section 1906 provides that if the FAR Council makes a written determination that it is not in the best interest of the Federal Government to exempt commercial products and commercial services contracts the provision of law will apply to contracts for the acquisition of commercial products and commercial services.
41 U.S.C. 1907 states that acquisitions of COTS items will be exempt from certain provisions of law unless the Administrator for Federal Procurement Policy makes a written determination and finds that it would not be in the best interest of the Federal Government to exempt contracts for the procurement of COTS items.
The FAR Council has made a determination to apply this statute to acquisitions for commercial products and commercial services. The Administrator for Federal Procurement Policy has made a determination to apply this statute to acquisitions for COTS items.
C. Determinations
While the law does not specifically address acquisitions at or below the SAT, or acquisitions of commercial products or commercial services, including COTS items, there is an unacceptable level of risk for the Government in buying products or services subject to a FASCSA order. This level of risk is not alleviated by the fact that the product or service being acquired has been sold or offered for sale to the general public, either in the same form or a modified form as sold to the Government ( i.e., that it is a commercial product or commercial service or COTS item), nor by the small size of the purchase ( i.e., at or below the SAT). As a result, agencies may face increased exposure for violating the law and unknowingly acquiring products or services subject to a FASCSA order absent coverage of these types of acquisitions by this interim rule. Start Printed Page 69507
V. Expected Impact of the Rule
Foreign adversaries are increasingly creating and exploiting vulnerabilities in information and communications technology to commit malicious cyber-enabled attacks, including economic and industrial espionage against the United States and its citizens. Vulnerabilities may be introduced during any phase of the product or service life cycle: design, development and production, distribution, acquisition and deployment, maintenance, and disposal. These vulnerabilities can include the incorporation of malicious software, hardware, and counterfeit components; flawed product designs; and poor manufacturing processes and maintenance procedures.
This rule helps mitigate these supply chain risks by ensuring agencies and contractors are implementing supply chain risk information sharing and FASCSA orders for covered articles as required by the FASC final rule.
Information sharing by Federal agencies with the FASC will ensure that substantial supply chain risks are communicated with impacted parties across the Government so agencies can promptly address the risks. Implementation of FASCSA orders will ensure Federal agencies are not sourcing products or services determined to have a significant supply chain risk ( i.e. subject to a FASCSA order).
DoD, GSA, and NASA have performed a regulatory impact analysis (RIA) on this interim rule. The total estimated public costs associated with this FAR rule in millions of dollars calculated over a ten-year period (calculated at a 3-percent and 7-percent discount rate) are as follows:
Estimated costs 3% Discount rate (million) 7% Discount rate (million) Present Value $745 $903 Annualized 106 105 The following is a summary from the RIA of the specific compliance requirements and the estimated costs of compliance. The RIA includes a detailed discussion and explanation about the assumptions and methodology used to estimate the cost of this regulatory action, including the specific impact and costs for small businesses. It is available at https://www.regulations.gov (search for “FAR Case 2020–011” click “Open Docket,” and view “Supporting Documents”).
The following is a summary of specific compliance requirements that are considered new for Federal offerors, contractors, and subcontractors (hereinafter collectively referred to as “contractors”), as applicable:
- Regulatory familiarization
- Review the System for Award Management (SAM) for FASCSA orders
- Submission of disclosure information
- Review SAM for covered articles/sources subject to a FASCSA order
- Review of supply chain for covered articles/source subject to FASCSA orders
- Submit reporting information identifying covered articles/sources subject to FASCSA orders
Note, at this time no issuing official has issued any FASCSA orders; therefore, the assumptions made below are based on other similar cases where a contractor must review their supply chain and provide alternative sources.
Regulatory Familiarization
It is expected that all contractors will be required to become familiar with these new compliance requirements in the FAR and will be required to update policies and procedures to ensure compliance with FASCSA orders and train their contracts, program, and supply chain personnel on the requirements. While this is a new requirement, restrictions on particular sources or articles are not new to the FAR. This should reduce the impact on contractors from having to establish entirely new processes and procedures, but rather update current ones to add covered articles subject to new FASCSA orders, or any products or services produced or provided by an excluded source. Regulatory familiarization is only expected to have a regulatory impact during the first year of implementation.
Review the System for Award Management (SAM) for FASCSA Orders
In accordance with 52.204–29, offerors must search SAM for any covered articles, or any products or services produced or provided by a source subject to a FASCSA order, as identified in the solicitation.
All offerors will need to review SAM for any applicable FASCSA orders using the search term “FASCSA order”. Offerors and contractors are familiar with SAM and searching for other exclusions such as telecommunications equipment and services established under Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019, Public Law 115–232. The frequency of which an offeror will search SAM will likely be based on the number of contracts and orders that they manage. Some offerors may choose to regularly review SAM for new FASCSA orders on a corporate level and notify applicable personnel when a new order is issued, while others may choose to review SAM with each proposal, likely at least once when the solicitation comes out and once prior to submitting the proposal to ensure compliance with the representation before submission. The frequency with which offerors review SAM will also be based on the number and frequency that FASCSA orders are issued; however at this time no FASCSA orders have been issued.
Submission of Disclosure Information
Once the offeror reviews SAM, they must identify if they cannot represent compliance and intend to propose any covered article or any products or services produced or provided by a source subject to a FASCSA order, in response to the solicitation. If the offeror identifies such items, they must disclose the following information to the Government:
(1) Name of the product or service provided to the Government;
(2) Name of the covered article or source subject to a FASCSA order;
(3) If applicable, name of the vendor, including the Commercial and Government Entity code and unique entity identifier (if known), that supplied the covered article or the product or service to the Offeror;
(4) Brand;
(5) Model number (original equipment manufacturer number, manufacturer part number, or wholesaler number);
(6) Item description;
(7) Reason why the applicable covered article or the product or service is being provided or used.
Depending on the issuing agency, FASCSA orders will only affect some companies and some contracts. Start Printed Page 69508
Reviewing SAM for Excluded Articles/Sources
In accordance with FAR 52.204–30, contractors must review SAM, at least once every three months or as advised by the contracting officer, for any covered articles, or any products or services produced or provided by a source subject to a FASCSA order issued after the date of solicitation. The need to review SAM can also be completed when contractors review SAM as part of their normal business dealings including this rule, which requires review during the solicitation phase. Therefore, the cost impact is already accounted for in this rule; however, the cost impact of submitting a report once a new FASCSA order is identified is accounted for separately below.
Review of Supply Chain for Covered Articles/Source for FASCSA Orders
In accordance with FAR 52.204–30, when a contractor identifies that a covered article or product or service produced or provided by a source is subject to a new FASCSA order, contractors will have to evaluate their supply chain to determine whether it was provided to the Government or used during contract performance.
Submit Reporting Information Identifying Excluded Articles/Sources
In accordance with paragraph (c) of FAR 52.204–30, when a contractor identifies that a covered article or product or service produced or provided by a source is subject to a new FASCSA order and was provided to the Government or used during contract performance, then the contractor must notify the Government within 3 business days and provide the following information:
- Contract number
- Order number(s), if applicable
- Name of the product or service provided to the Government or used during contract performance
- Name of the covered article or source subject to a FASCSA order
- If applicable, name of the vendor, including the Commercial and Government Entity code and unique entity identifier (if known), that supplied the covered article or the product or service to the Contractor
- Brand
- Model number (original equipment manufacturer number, manufacturer part number, or wholesaler number)
- Item description
- Any readily available information about mitigation actions undertaken or recommended.
Within 10 business days of submitting the previous information, the contractor must provide information on mitigation actions taken and actions taken to prevent future submissions of or use of covered articles or sources.
VI. Executive Orders 12866 and 13563
Executive Orders (E.O.s) 12866 and 13563 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). E.O. 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. This rule is a significant regulatory action and, therefore was subject to review under Section 6(b) of E.O. 12866, Regulatory Planning and Review, dated September 30, 1993.
VII. Congressional Review Act
As required by the Congressional Review Act (5 U.S.C. 801–808), DoD, GSA, and NASA will send the rule and the “Submission of Federal Rules Under the Congressional Review Act” form to each House of the Congress and to the Comptroller General of the United States. A rule that qualifies under the definition in 5 U.S.C. 804(2) cannot take effect until 60 days after it is published in the Federal Register . The Office of Information and Regulatory Affairs (OIRA) in the Office of Management and Budget has determined that this rule qualifies under the definition in 5 U.S.C. 804(2).
VIII. Regulatory Flexibility Act
DoD, GSA, and NASA expect that this rule may have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601–612. An Initial Regulatory Flexibility Analysis (IRFA) has been performed, and is summarized as follows:
DoD, GSA, and NASA are issuing an interim rule amending the FAR to implement supply chain risk information sharing requirements and exclusion or removal orders consistent with the Federal Acquisition Supply Chain Security Act of 2018 and a final rule issued by the Federal Acquisition Security Council (FASC).
The objective of this interim rule is to implement supply chain risk information sharing and FASCSA orders.
The legal basis for the rule is the Federal Acquisition Supply Chain Security Act of 2018 (title II of the SECURE Technology Act, Pub. L. 115–390, Dec. 21, 2018), and the final rule issued by the Federal Acquisition Security Council (August 26, 2021, 86 FR 47581, effective September 27, 2021). Promulgation of the FAR is authorized by 40 U.S.C. 121(c); 10 U.S.C. chapter 4 and 10 U.S.C. chapter 137 legacy provisions (see 10 U.S.C. 3016); and 51 U.S.C. 20113.
The interim rule will impact all small entities that are prime contractors and all small entities that are subcontractors. Data from the Federal Procurement Data System (FPDS) for fiscal years (FYs) 2019 through 2021 was used. On average per year the Government awards contracts and orders for supplies and services to 94,035 unique contractors, of which approximately 65 percent or 61,797 are small businesses.
This interim rule will require small entities to: (1) become familiar with the new regulatory requirements; (2) review the System for Award Management (SAM) for FASCSA orders; (3) submit disclosure information; (4) review SAM for excluded articles or sources; (5) review their supply chain for covered articles or sources prohibited by a FASCSA order; and (6) submit a report identifying if a prohibited article or source was delivered to the government in the performance of the contract.
To comply with the new regulatory requirements, it is expected that all small entities, or 61,797 will need to become familiar with FASCSA orders. Additionally, this regulatory familiarization may also include updating policies and procedures to ensure compliance. However, exclusions are not new to the FAR making the impact less.
Once a small entity intends to respond to a solicitation, they will need to review the solicitation to identify which FASCSA orders apply to the current solicitation and subsequent contract, and search SAM for more information on applicable FASCSA orders. It is estimated that all small entities, 61,797, will review SAM for FASCSA orders when responding to a solicitation.
It is estimated that a small number of small entities, 10 percent or 3,090, will not be able to represent compliance with the prohibition and therefore must disclose to the Government that they intend to propose a covered article or source prohibited by an applicable FASCSA order. Failure to comply with the prohibition poses risk for the contractor in not being awarded a contract if a waiver from the requirement is not obtained.
Small entities will be required to review SAM for any covered articles or any products or services produced or provided by a source, including contractor use of covered articles or sources, subject to a FASCSA order during the performance of the contract. This is not expected to create any additional impact because small entities are already searching SAM as part of this rule when responding to a solicitation.
When a new FASCSA order is issued, small entities may have to review their supply chain to determine whether a covered article or any products or services produced or provided by a source subject to a FASCSA order were used or provided to the Government during the performance of the contract. This is estimated to impact approximately half of small entities, 30,899 Start Printed Page 69509 because not all FASCSA orders will apply to every contract or contractor.
It is estimated that a very small subset of small entities, 3 percent or 927, may identify a covered article or any products or services produced or provided by a source subject to a FASCSA order that were delivered during the performance of the contract, and be required to submit a report to the Government.
The rule does not duplicate, overlap, or conflict with any other Federal rules.
It was contemplated during the development of this rule to create a representation requirement in SAM for contractors to complete annually and then update on a solicitation-by-solicitation basis, if necessary. The current process reduces the impact by replacing the SAM representation with a representation by submission of the offer. There are no other available alternatives to the proposed rule to accomplish the desired objective of the statute.
The Regulatory Secretariat Division has submitted a copy of the IRFA to the Chief Counsel for Advocacy of the Small Business Administration. A copy of the IRFA may be obtained from the Regulatory Secretariat Division. DoD, GSA, and NASA invite comments from small business concerns and other interested parties on the expected impact of this rule on small entities.
DoD, GSA, and NASA will also consider comments from small entities concerning the existing regulations in subparts affected by the rule in accordance with 5 U.S.C. 610. Interested parties must submit such comments separately and should cite 5 U.S.C. 610 (FAR Case 2020–011), in correspondence.
IX. Paperwork Reduction Act
The Paperwork Reduction Act (PRA) of 1995 (44 U.S.C. 3501–3521) applies. The rule contains information collection requirements. The PRA provides that an agency generally cannot conduct or sponsor a collection of information, and no person is required to respond to nor be subject to a penalty for failure to comply with a collection of information, unless that collection has obtained OMB approval and displays a currently valid OMB Control Number.
DoD, GSA, and NASA are requesting emergency processing of the collection of information involved in this rule, consistent with 5 CFR 1320.13. DoD, GSA, and NASA have determined the following conditions have been met:
a. The collection of information is needed prior to the expiration of time periods normally associated with a routine submission for review under the provisions of the PRA, because agencies subject to the FAR would not have a mechanism to implement any FASCSA orders issued by the FASC.
b. The collection of information is essential to the mission of the agencies to protect the Government supply chain from vulnerabilities posed by acquiring products or services that violate a FASCSA order issued under the authority of the Federal Acquisition Supply Chain Security Act of 2018 and the final rule issued by the FASC.
c. Moreover, DoD, GSA, and NASA cannot comply with the normal clearance procedures because public harm is reasonably likely to result if current clearance procedures are followed. Authorizing collection of this information will ensure that agencies have a mechanism to implement FASCSA orders and address vulnerabilities in supply chains that can enable data and intellectual property theft, loss of confidence in integrity, or exploitation that causes system and network failure.
DoD, GSA, and NASA will publish a separate 30-day notice in the Federal Register requesting public comment on the proposed emergency information collections contained within this rule under OMB Control Number 9000–0205, Implementation of Federal Acquisition Supply Chain Security Act (FASCSA) Orders.
Public Reporting Burden
Public reporting burden for this collection of information is estimated to average 2 hours per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information.
The annual reporting burden is estimated as follows:
Respondents: 6,113.
Total Annual Responses: 6,113.
Total Burden Hours: 12,226.
X. Determination To Issue an Interim Rule
Pursuant to 41 U.S.C. 1707(d), a determination has been made under the authority of the Secretary of Defense, the Administrator of General Services, and the Administrator of the National Aeronautics and Space Administration that urgent and compelling reasons exist to promulgate this interim rule without prior opportunity for public comment. It is critical that the FAR is revised promptly to reflect the current requirements of the law, which prohibits the Federal Government from acquiring products or services that violate the prohibition of an exclusion or removal order issued pursuant to the Federal Acquisition Supply Chain Security Act (FASCSA) of 2018 and the final rule issued by the FASC.
The Secretary of Homeland Security, the Secretary of Defense, and the Director of National Intelligence may issue a FASCSA order at any time. For this reason, this FAR rule must take effect without awaiting the delay associated with solicitation, review, and response to public comments to ensure agencies and contractors are able to promptly implement supply chain risk information sharing and FASCSA orders. If a FASCSA order is issued agencies are required to implement that order. In the absence of issuing this FAR rule immediately, agencies will be forced to issue individual agency policies and procedures including drafting contract provisions for inclusion in all agency contracts. Due to the complexity of this novel requirement, it has taken several years to draft and develop the framework of this FAR rule and involved many Government agencies in the process. Each agency would now be required to start this process over and develop their own agency policies and procedures, further delaying the implementation of FASCSA orders and likely resulting in inconsistent contract terms and implementation across multiple agencies and gaps in compliance.
Failure to implement FASCSA orders uniformly across the Government would adversely impact national security making it critical to implement this FAR rule without delay. Vulnerabilities in supply chains for covered articles can enable data and intellectual property theft, loss of confidence in integrity, or exploitation to cause system and network failure. The cost to our nation comes not only in lost innovation, jobs, and economic advantage, but also in reduced military strength. Delaying implementation of this interim rule would increase national security risks to the Government posed by covered articles subject to a FASCSA order. Therefore, a Governmentwide FAR rule is the best tool available now to provide a consistent and reliable implementation across agencies.
Consistent with the Congressional Review Act (CRA) (5 U.S.C. 801–808), this rule will not take effect until 60 days after it is published in the Federal Register , allowing Congress time to review this interim rule. This short delay in the effective date is beneficial to both contracting agencies and industry to provide the necessary time to assess and prepare to implement the new requirements. Both contracting agencies and industry will need to develop and implement new policies and procedures, notify and train their workforce on the new requirements, and update contract writing systems to Start Printed Page 69510 incorporate the new provisions and clause. This 60-day delay associated with the CRA is significantly shorter than the delay associated with issuing a proposed rule, and thus avoids the risks associated with extended delay highlighted above.
Pursuant to 41 U.S.C. 1707 and FAR 1.501–3(b), the Department of Defense, General Services Administration, and National Aeronautics and Space Administration will consider public comments received in response to this interim rule in the formation of the final rule.
Start List of SubjectsList of Subjects in 48 CFR Parts 1, 4, 9, 13, 39, and 52
- Government procurement
William F. Clark,
Director, Office of Government-wide Acquisition Policy, Office of Acquisition Policy, Office of Government-wide Policy.
Therefore, DoD, GSA, and NASA amend 48 CFR parts 1, 4, 9, 13, 39, and 52 as set forth below:
Start Amendment Part1. The authority citation for 48 CFR parts 1, 4, 9, 13, 39, and 52 continues to read as follows:
End Amendment Part Start PartPART 1—FEDERAL ACQUISITION REGULATIONS SYSTEM
End Part Start Amendment Part2. In section 1.106, amend the table by adding in numerical order entries for 4.23, 52.204–29, and 52.204–30 to read as follows:
End Amendment PartOMB approval under the Paperwork Reduction Act.* * * * *FAR segment OMB control No. * * * * * 4.23 9000–0205 * * * * * 52.204–29 9000–0205 52.204–30 9000–0205 * * * * * PART 4—ADMINISTRATIVE AND INFORMATION MATTERS
End Part Start Amendment Part3. Revise section 4.2001 to read as follows:
End Amendment PartDefinitions.As used in this subpart—
Kaspersky Lab covered article means any hardware, software, or service that—
(1) Is developed or provided by a Kaspersky Lab covered entity;
(2) Includes any hardware, software, or service developed or provided in whole or in part by a Kaspersky Lab covered entity; or
(3) Contains components using any hardware or software developed in whole or in part by a Kaspersky Lab covered entity.
Kaspersky Lab covered entity means—
(1) Kaspersky Lab;
(2) Any successor entity to Kaspersky Lab, including any change in name, e.g., “Kaspersky”;
(3) Any entity that controls, is controlled by, or is under common control with Kaspersky Lab; or
(4) Any entity of which Kaspersky Lab has a majority ownership.
[Amended]4. Amend section 4.2002 by removing from paragraphs (a) and (b) the word “covered” and adding “Kaspersky Lab covered” in its place.
End Amendment Part[Amended]5. Amend section 4.2004 by removing “Kaspersky Lab and Other Covered” and adding “Kaspersky Lab Covered” in its place.
End Amendment Part Start Amendment Part6. Add subpart 4.23 to read as follows:
End Amendment PartSubpart 4.23—Federal Acquisition Security Council
Subpart 4.23—Federal Acquisition Security Council
Scope of subpart.This subpart implements the Federal Acquisition Supply Chain Security Act of 2018 (title II of Pub. L. 115–390) and the Federal Acquisition Security Council (FASC) regulation at 41 CFR part 201–1. The authority provided in this subpart expires on December 31, 2033 (see 41 U.S.C. 1328).
Definitions.As used in this subpart—
Covered article, as defined in 41 U.S.C. 4713(k), means—
(1) Information technology, as defined in 40 U.S.C. 11101, including cloud computing services of all types;
(2) Telecommunications equipment or telecommunications service, as those terms are defined in section 3 of the Communications Act of 1934 (47 U.S.C. 153);
(3) The processing of information on a Federal or non-Federal information system, subject to the requirements of the Controlled Unclassified Information program (see 32 CFR part 2002); or
(4) Hardware, systems, devices, software, or services that include embedded or incidental information technology.
FASCSA order means any of the following orders issued under the Federal Acquisition Supply Chain Security Act (FASCSA) requiring the removal of covered articles from executive agency information systems or the exclusion of one or more named sources or named covered articles from executive agency procurement actions, as described in 41 CFR 201–1.303(d) and (e):
(1) The Secretary of Homeland Security may issue FASCSA orders applicable to civilian agencies, to the extent not covered by paragraph (2) or (3) of this definition. This type of FASCSA order may be referred to as a Department of Homeland Security (DHS) FASCSA order.
(2) The Secretary of Defense may issue FASCSA orders applicable to the Department of Defense (DoD) and national security systems other than sensitive compartmented information systems. This type of FASCSA order may be referred to as a DoD FASCSA order.
(3) The Director of National Intelligence (DNI) may issue FASCSA orders applicable to the intelligence community and sensitive compartmented information systems, to the extent not covered by paragraph (2) of this definition. This type of FASCSA order may be referred to as a DNI FASCSA order.
Federal Acquisition Security Council (FASC) means the Council established pursuant to 41 U.S.C. 1322(a).
Intelligence community, as defined by 50 U.S.C. 3003(4), means the following—
(1) The Office of the Director of National Intelligence;
(2) The Central Intelligence Agency;
(3) The National Security Agency;
(4) The Defense Intelligence Agency;
(5) The National Geospatial-Intelligence Agency;
(6) The National Reconnaissance Office;
(7) Other offices within the Department of Defense for the collection of specialized national intelligence through reconnaissance programs;
(8) The intelligence elements of the Army, the Navy, the Air Force, the Marine Corps, the Coast Guard, the Start Printed Page 69511 Federal Bureau of Investigation, the Drug Enforcement Administration, and the Department of Energy;
(9) The Bureau of Intelligence and Research of the Department of State;
(10) The Office of Intelligence and Analysis of the Department of the Treasury;
(11) The Office of Intelligence and Analysis of the Department of Homeland Security; or
(12) Such other elements of any department or agency as may be designated by the President, or designated jointly by the Director of National Intelligence and the head of the department or agency concerned, as an element of the intelligence community.
National security system, as defined in 44 U.S.C. 3552, means any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency—
(1) The function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions, but does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications); or
(2) Is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.
Reasonable inquiry means an inquiry designed to uncover any information in the entity's possession about the identity of any covered articles, or any products or services produced or provided by a source. This applies when the covered article or the source is subject to an applicable FASCSA order. A reasonable inquiry excludes the need to include an internal or third-party audit.
Sensitive compartmented information means classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of National Intelligence.
Sensitive compartmented information system means a national security system authorized to process or store sensitive compartmented information.
Source means a non-Federal supplier, or potential supplier, of products or services, at any tier.
Supply chain risk, as defined in 41 U.S.C. 4713(k), means the risk that any person may sabotage, maliciously introduce unwanted functionality, extract data, or otherwise manipulate the design, integrity, manufacturing, production, distribution, installation, operation, maintenance, disposition, or retirement of covered articles so as to surveil, deny, disrupt, or otherwise manipulate the function, use, or operation of the covered articles or information stored or transmitted on the covered articles.
Supply chain risk information includes, but is not limited to, information that describes or identifies:
(1) Functionality and features of covered articles, including access to data and information system privileges;
(2) The user environment where a covered article is used or installed;
(3) The ability of a source to produce and deliver covered articles as expected;
(4) Foreign control of, or influence over, a source or covered article ( e.g., foreign ownership, personal and professional ties between a source and any foreign entity, legal regime of any foreign country in which a source is headquartered or conducts operations);
(5) Implications to government mission(s) or assets, national security, homeland security, or critical functions associated with use of a covered source or covered article;
(6) Vulnerability of Federal systems, programs, or facilities;
(7) Market alternatives to the covered source;
(8) Potential impact or harm caused by the possible loss, damage, or compromise of a product, material, or service to an organization's operations or mission; and
(9) Likelihood of a potential impact or harm, or the exploitability of a system;
(10) Security, authenticity, and integrity of covered articles and their supply and compilation chain;
(11) Capacity to mitigate risks identified;
(12) Factors that may reflect upon the reliability of other supply chain risk information; and
(13) Any other considerations that would factor into an analysis of the security, integrity, resilience, quality, trustworthiness, or authenticity of covered articles or sources.
Sharing supply chain risk information.(a) Executive agencies are required to share relevant supply chain risk information with the FASC if the executive agency has determined there is a reasonable basis to conclude a substantial supply chain risk associated with a source or covered article exists (see 41 CFR 201–1.201).
(b) In support of information sharing described in paragraph (a) of this section, the contracting officer shall work with the program office or requiring activity in accordance with agency procedures regarding the sharing of relevant information on actual or potential supply chain risk determined to exist during the procurement process.
FASCSA orders.(a) Executive agencies are prohibited from procuring or obtaining, or extending or renewing a contract to procure or obtain, any covered article, or any products or services produced or provided by a source, including contractor use of covered articles or sources, if that prohibition is established by an applicable FASCSA order issued by the Director of National Intelligence, Secretary of Defense, or Secretary of Homeland Security (the “issuing official”)(see 41 CFR 201–1.304(a)).
(b) If a covered article or the source is subject to an applicable Governmentwide FASCSA order issued collectively by the Director of National Intelligence, Secretary of Defense, and Secretary of Homeland Security, executive agencies responsible for management of the Federal Supply Schedules, Governmentwide acquisition contracts, and multi-agency contracts shall facilitate implementation of a collective FASCSA order by removing the covered articles or sources identified in the FASCSA order from such contracts (see 41 CFR 201–1.303(g)).
(c)(1) FASCSA orders regarding sources or covered articles will be found in the System for Award Management (SAM), by searching for the phrase “FASCSA order”. SAM may be updated as new FASCSA orders are issued.
(2) Some FASCSA orders will not be identified in SAM and will need to be identified in the solicitation to be effective for that acquisition. The requiring activity or program office will identify these FASCSA orders to the contracting officer (see 4.2304(d)).
(3) The contracting officer shall work with the program office or requiring activity to identify which FASCSA orders apply to the acquisition.
Procedures.(a) Identifying applicable FASCSA orders. The applicability of FASCSA orders to a particular acquisition depends on the contracting office's agency, the scope of the FASCSA order, Start Printed Page 69512 the funding, and whether the requirement involves certain types of information systems (see the definition of FASCSA order at 4.2301). The contracting officer shall coordinate with the program office or requiring activity to identify the FASCSA order(s) that apply to the acquisition as follows:
(1) Unless the program office or requiring activity instructs the contracting officer otherwise, FASCSA orders apply as follows: contracts awarded by civilian agencies will be subject to DHS FASCSA orders, and contracts awarded by the Department of Defense will be subject to DoD FASCSA orders. See paragraph (b) of 52.204–30, Federal Acquisition Supply Chain Security Act Orders-Prohibition.
(2) For acquisitions where the program office or the requiring activity instructs the contracting officer to select specific FASCSA orders, the contracting officer must select “yes” or “no” for each applicable type of FASCSA order ( i.e., “DHS FASCSA Order” “DoD FASCSA Order” or “DNI FASCSA Order”). See paragraph (b)(1) of 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition, with its Alternate I.
(b) Federal Supply Schedules, Governmentwide acquisition contracts, multi-agency contracts specific procedures— (1) Applying FASCSA orders. An agency awarding this type of contract may choose to apply FASCSA orders in accordance with agency policy as follows:
(i) Application at the contract level. The agency awarding the basic contract may choose to apply FASCSA orders to the basic contract award. This is the preferred method, especially if small value orders or orders without a request for quotation (RFQ) are expected. Ordering activity contracting officers may use this contract vehicle without taking further steps to identify applicable FASCSA orders in the order. The contracting officer awarding the basic contract would select “yes” for all FASCSA orders ( i.e., “DHS FASCSA Order” “DoD FASCSA Order” and “DNI FASCSA Order”) (see paragraph (b)(1) of 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition, with its Alternate I). If the contracting officer becomes aware of a newly issued applicable FASCSA order, then the agency awarding the basic contract shall modify the basic contract to remove any covered article, or any products or services produced or provided by a source, prohibited by the newly issued FASCSA order.
(ii) Application at the order level. The agency awarding the basic contract may choose to apply FASCSA orders at the order level, as implemented by the ordering activity contracting officer.
(2) Collective FASCSA orders. If a new FASCSA order is issued collectively by the Secretary of Homeland Security, Secretary of Defense, and Director of National Intelligence, then the contracting officer shall modify the basic contract based upon the requirements of the order, removing any covered article, or any products or services produced or provided by a source (see 4.2303(b)).
(3) Interagency acquisitions. For an interagency acquisition (see subpart 17.5) where the funding agency differs from the awarding agency, the funding agency shall determine the applicable FASCSA orders.
(4) Inconsistencies. If any inconsistency is identified between the basic contract and the order, then the FASCSA orders identified in the order will take precedence.
(c) Updating the solicitation or contract for new FASCSA orders. The contracting officer shall update a solicitation or contract if the program office or requiring activity determines it is necessary to:
(1) Amend the solicitation to incorporate FASCSA orders in effect after the date the solicitation was issued but prior to contract award; or
(2) Modify the contract to incorporate FASCSA orders issued after the date of contract award.
(i) Any such modification should take place within a reasonable amount of time, but no later than 6 months from the determination of the program office or requiring activity.
(ii) If the contract is not modified within the time specified in paragraph (c)(2)(i) of this section, then the contract file shall be documented providing rationale why the contract could not be modified within this timeframe.
(d) Agency specific procedures. The contracting officer shall follow agency procedures for implementing FASCSA orders not identified in SAM (see 4.2303(c)(2)).
(e) Disclosures. If an offeror provides a disclosure pursuant to paragraph (e) of 52.204–29, Federal Acquisition Supply Chain Security Act Orders—Representation and Disclosures, the contracting officer shall engage with the program office or requiring activity to determine whether to pursue a waiver, if available, in accordance with 4.2305 and agency procedures or not award to that offeror. For FASCSA orders handled at the order level, the disclosures language is found at paragraph (b)(5) of 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition, with its Alternate II.
(f) Waiver. An acquisition may be either fully or partially covered by a waiver. Partial waiver coverage occurs when only portions of the products or services being procured or provided by a source are covered by an applicable waiver. If the requiring activity notifies the contracting officer that the acquisition is partially covered by an approved individual waiver or class waiver under 4.2305, then the contracting officer shall work with the program office or requiring activity to identify in the solicitation, RFQ, or order, the covered articles or services produced by or provided by a source that are subject to the waiver (see 41 CFR 201–1.304(b)).
(g) Reporting. If a contractor provides a report pursuant to paragraph (c) of 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition, the contracting officer shall engage with the agency supply chain risk management program in accordance with agency procedures.
Waivers.(a) An executive agency required to comply with a FASCSA order may submit a request that the order or some of its provisions not apply to—
(1) The agency;
(2) Specific actions of the agency or a specific class of acquisitions;
(3) Actions of the agency for a period of time before compliance with the order is practicable; or
(4) Other activities, as appropriate, that the requesting agency identifies.
(b) A request for waiver shall be submitted by the executive agency in writing to the official that issued the order, unless other instructions for submission are provided by the applicable FASCSA order.
(c) The request for waiver shall provide the following information for the issuing official to review and evaluate the request, including—
(1) Identification of the applicable FASCSA order;
(2) A description of the exception sought, including, if limited to only a portion of the order, a description of the order provisions from which an exception is sought;
(3) The name or a description sufficient to identify the covered article or the product or service provided by a source that is subject to the order from which an exception is sought;
(4) Compelling justification for why an exception should be granted, such as the impact of the order on the agency's ability to fulfill its mission-critical functions, or considerations related to Start Printed Page 69513 the national interest, including national security reviews, national security investigations, or national security agreements;
(5) Any alternative mitigations to be undertaken to reduce the risks addressed by the FASCSA order; and
(6) Any other information requested by the issuing official.
(d) The contracting officer, in accordance with agency procedures and working with the program office or requiring activity, shall decide whether to pursue a waiver or to make award to an offeror that does not require a waiver in accordance with the procedures at 4.2304(f). If a waiver is being pursued, then the contracting officer may not make an award until written approval is obtained that the waiver has been granted.
Solicitation provision and contract clauses.(a) In all Federal Supply Schedules, Governmentwide acquisition contracts, and multi-agency contracts where FASCSA orders are applied at the order level, the contracting officer shall insert the clause at 52.204–28, Federal Acquisition Supply Chain Security Act Orders—Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts, in the basic contract solicitation and resultant contract (see 4.2304(b)(1)(ii)).
(b) The contracting officer shall insert the provision at 52.204–29, Federal Acquisition Supply Chain Security Act Orders—Representation and Disclosures—
(1) In all solicitations, except for Federal Supply Schedules, Governmentwide acquisition contracts, and multi-agency contracts.
(2) In all solicitations for Federal Supply Schedules, Governmentwide acquisition contracts, and multi-agency contracts, if FASCSA orders are applied at the contract level (see 4.2304(b)(1)(i)).
(c) The contracting officer shall insert the clause at 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition—
(1) In solicitations and contracts if the conditions specified at 4.2304(a)(1) apply, except for Federal Supply Schedules, Governmentwide acquisition contracts, and multi-agency contracts. For acquisitions where conditions specified at 4.2304(a)(2) apply, then the contracting officer shall use the clause with its Alternate I.
(2) In Federal Supply Schedules, Governmentwide acquisition contracts, and multi-agency contracts—
(i) Where FASCSA orders are applied at the contract level, with its Alternate I in all solicitations and resultant contracts. See 4.2304(b)(1)(i).
(ii) Where FASCSA orders are applied at the order level, with its Alternate II in all RFQs, or in all notices of intent to place an order. See 4.2304(b)(1)(ii).
PART 9—CONTRACTOR QUALIFICATIONS
End Part Start Amendment Part7. Amend section 9.400 by adding paragraph (c) to read as follows:
End Amendment PartScope of subpart.* * * * *(c) For Federal Acquisition Supply Chain Security Act (FASCSA) orders, see subpart 4.23.
PART 13—SIMPLIFIED ACQUISITION PROCEDURES
End Part Start Amendment Part8. Amend section 13.201 by adding paragraph (l) to read as follows:
End Amendment PartGeneral.* * * * *(l) Do not procure or obtain, or extend or renew a contract to procure or obtain, any covered article, or any products or services produced or provided by a source, including contractor use of covered articles or sources, if prohibited from doing so by an applicable Federal Acquisition Supply Chain Security Act (FASCSA) order issued by the Director of National Intelligence, Secretary of Defense, or Secretary of Homeland Security (see 4.2303).
PART 39—ACQUISITION OF INFORMATION TECHNOLOGY
End Part Start Amendment Part9. Amend section 39.101 by adding paragraph (h) to read as follows:
End Amendment PartPolicy.* * * * *(h) Executive agencies are prohibited from procuring or obtaining, or extending or renewing a contract to procure or obtain, any covered article, or any products or services produced or provided by a source, including contractor use of covered articles or sources, if prohibited from doing so by an applicable FASCSA order issued by the Director of National Intelligence, Secretary of Defense, or Secretary of Homeland Security (see 4.2303).
PART 52—SOLICITATION PROVISIONS AND CONTRACT CLAUSES
End Part Start Amendment Part10. Amend section 52.204–23 by—
End Amendment Part Start Amendment Parta. Revising the section heading, clause heading, and the date of the clause;
End Amendment Part Start Amendment Partb. In paragraph (a):
End Amendment Part Start Amendment Parti. Removing the definition “Covered article” and adding the definition of “Kaspersky Lab covered article” in its place; and
End Amendment Part Start Amendment Partii. Removing the definition “Covered entity” and adding the definition “Kaspersky Lab covered entity” in its place;
End Amendment Part Start Amendment Partc. In paragraph (b) removing “covered article” wherever it appears and adding “Kaspersky Lab covered article” in its place, respectively;
End Amendment Part Start Amendment Partd. Removing from the first sentence in paragraph (c)(1) “identifies a covered article” and adding “identifies a Kaspersky Lab covered article” in its place;
End Amendment Part Start Amendment Parte. Removing from paragraph (c)(2)(i) “1 business day” and adding “3 business days” in its place; and
End Amendment Part Start Amendment Partf. Removing from paragraph (c)(2)(ii) “covered article” wherever it appears and adding “Kaspersky Lab covered article” in its place and removing from the end of the paragraph “covered articles” and adding “Kaspersky Lab covered articles” in its place.
End Amendment PartThe revisions and additions read as follows:
Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities.* * * * *Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities (DEC 2023)
(a) * * *
Kaspersky Lab covered article means any hardware, software, or service that—
(1) Is developed or provided by a Kaspersky Lab covered entity;
(2) Includes any hardware, software, or service developed or provided in whole or in part by a Kaspersky Lab covered entity; or
(3) Contains components using any hardware or software developed in whole or in part by a Kaspersky Lab covered entity.
Kaspersky Lab covered entity means—
(1) Kaspersky Lab;
(2) Any successor entity to Kaspersky Lab, including any change in name, e.g., “Kaspersky”;
(3) Any entity that controls, is controlled by, or is under common control with Kaspersky Lab; or
(4) Any entity of which Kaspersky Lab has a majority ownership.
* * * * *11. Add sections 52.204–28, 52.204–29, and 52.204–30 to read as follows:
End Amendment Part- 52.204–28
- Federal Acquisition Supply Chain Security Act Orders—Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts.
- 52.204–29
- Federal Acquisition Supply Chain Security Act Orders—Representation and Disclosures. Start Printed Page 69514
- 52.204–30
- Federal Acquisition Supply Chain Security Act Orders—Prohibition.
* * * * ** * * * *Federal Acquisition Supply Chain Security Act Orders—Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts.As prescribed in 4.2306(a), insert the following clause:
Federal Acquisition Supply Chain Security Act Orders—Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts (DEC 2023)
(a) Definitions. As used in this clause—
Covered article, as defined in 41 U.S.C. 4713(k), means—
(1) Information technology, as defined in 40 U.S.C. 11101, including cloud computing services of all types;
(2) Telecommunications equipment or telecommunications service, as those terms are defined in section 3 of the Communications Act of 1934 (47 U.S.C. 153);
(3) The processing of information on a Federal or non-Federal information system, subject to the requirements of the Controlled Unclassified Information program (see 32 CFR part 2002); or
(4) Hardware, systems, devices, software, or services that include embedded or incidental information technology.
FASCSA order means any of the following orders issued under the Federal Acquisition Supply Chain Security Act (FASCSA) requiring the removal of covered articles from executive agency information systems or the exclusion of one or more named sources or named covered articles from executive agency procurement actions, as described in 41 CFR 201–1.303(d) and (e):
(1) The Secretary of Homeland Security may issue FASCSA orders applicable to civilian agencies, to the extent not covered by paragraph (2) or (3) of this definition. This type of FASCSA order may be referred to as a Department of Homeland Security (DHS) FASCSA order.
(2) The Secretary of Defense may issue FASCSA orders applicable to the Department of Defense (DoD) and national security systems other than sensitive compartmented information systems. This type of FASCSA order may be referred to as a DoD FASCSA order.
(3) The Director of National Intelligence (DNI) may issue FASCSA orders applicable to the intelligence community and sensitive compartmented information systems, to the extent not covered by paragraph (2) of this definition. This type of FASCSA order may be referred to as a DNI FASCSA order.
Intelligence community, as defined by 50 U.S.C. 3003(4), means the following—
(1) The Office of the Director of National Intelligence;
(2) The Central Intelligence Agency;
(3) The National Security Agency;
(4) The Defense Intelligence Agency;
(5) The National Geospatial-Intelligence Agency;
(6) The National Reconnaissance Office;
(7) Other offices within the Department of Defense for the collection of specialized national intelligence through reconnaissance programs;
(8) The intelligence elements of the Army, the Navy, the Air Force, the Marine Corps, the Coast Guard, the Federal Bureau of Investigation, the Drug Enforcement Administration, and the Department of Energy;
(9) The Bureau of Intelligence and Research of the Department of State;
(10) The Office of Intelligence and Analysis of the Department of the Treasury;
(11) The Office of Intelligence and Analysis of the Department of Homeland Security; or
(12) Such other elements of any department or agency as may be designated by the President, or designated jointly by the Director of National Intelligence and the head of the department or agency concerned, as an element of the intelligence community.
National security system, as defined in 44 U.S.C. 3552, means any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency—
(1) The function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions, but does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications); or
(2) Is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.
Sensitive compartmented information means classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of National Intelligence.
Sensitive compartmented information system means a national security system authorized to process or store sensitive compartmented information.
Source means a non-Federal supplier, or potential supplier, of products or services, at any tier.
(b) Notice. During contract performance, the Contractor shall be required to comply with any of the following that apply: DHS FASCSA orders, DoD FASCSA orders, or DNI FASCSA orders. The applicable FASCSA order(s) will be identified in the request for quotation (see 8.405–2), or in the notice of intent to place an order (see 16.505(b)). FASCSA orders will be identified in paragraph (b)(1) of FAR 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition, with its Alternate II.
(c) Removal. Upon notification from the contracting officer, during the performance of the contract, the Contractor shall promptly make any necessary changes or modifications to remove any covered article or any product or service produced or provided by a source that is subject to an applicable Governmentwide FASCSA order (see FAR 4.2303(b)).
(End of clause)
Federal Acquisition Supply Chain Security Act Orders—Representation and Disclosures.As prescribed in 4.2306(b), insert the following provision:
Federal Acquisition Supply Chain Security Act Orders—Representation and Disclosures (DEC 2023)
(a) Definitions. As used in this provision, Covered article, FASCSA order, Intelligence community, National security system, Reasonable inquiry, Sensitive compartmented information, Sensitive compartmented information system, and Source have the meaning provided in the clause 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition.
(b) Prohibition. Contractors are prohibited from providing or using as part of the performance of the contract any covered article, or any products or services produced or provided by a source, if the prohibition is set out in an applicable Federal Acquisition Supply Chain Security Act (FASCSA) order, as described in paragraph (b)(1) of FAR 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition.
(c) Procedures. (1) The Offeror shall search for the phrase “FASCSA order” in the System for Award Management (SAM)( https://www.sam.gov) for any covered article, or any products or services produced or provided by a source, if there is an applicable FASCSA order described in paragraph (b)(1) of FAR 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition.
(2) The Offeror shall review the solicitation for any FASCSA orders that are not in SAM, but are effective and do apply to the solicitation and resultant contract (see FAR 4.2303(c)(2)).
(3) FASCSA orders issued after the date of solicitation do not apply unless added by an amendment to the solicitation.
(d) Representation. By submission of this offer, the offeror represents that it has conducted a reasonable inquiry, and that the offeror does not propose to provide or use in response to this solicitation any covered article, or any products or services produced or provided by a source, if the covered article or the source is prohibited by an applicable FASCSA order in effect on the date the solicitation was issued, except as waived by the solicitation, or as disclosed in paragraph (e).
(e) Disclosures. The purpose for this disclosure is so the Government may decide whether to issue a waiver. For any covered article, or any products or services produced or provided by a source, if the covered article or the source is subject to an applicable FASCSA order, and the Offeror is unable to represent compliance, then the Offeror shall provide the following information as part of the offer: Start Printed Page 69515
(1) Name of the product or service provided to the Government;
(2) Name of the covered article or source subject to a FASCSA order;
(3) If applicable, name of the vendor, including the Commercial and Government Entity code and unique entity identifier (if known), that supplied the covered article or the product or service to the Offeror;
(4) Brand;
(5) Model number (original equipment manufacturer number, manufacturer part number, or wholesaler number);
(6) Item description;
(7) Reason why the applicable covered article or the product or service is being provided or used;
(f) Executive agency review of disclosures. The contracting officer will review disclosures provided in paragraph (e) to determine if any waiver may be sought. A contracting officer may choose not to pursue a waiver for covered articles or sources otherwise subject to a FASCSA order and may instead make an award to an offeror that does not require a waiver.
(End of provision)
Federal Acquisition Supply Chain Security Act Orders—Prohibition.As prescribed in 4.2306(c), insert the following clause:
Federal Acquisition Supply Chain Security Act Orders—Prohibition ( DEC 2023 )
(a) Definitions. As used in this clause—
Covered article, as defined in 41 U.S.C. 4713(k), means—
(1) Information technology, as defined in 40 U.S.C. 11101, including cloud computing services of all types;
(2) Telecommunications equipment or telecommunications service, as those terms are defined in section 3 of the Communications Act of 1934 (47 U.S.C. 153);
(3) The processing of information on a Federal or non-Federal information system, subject to the requirements of the Controlled Unclassified Information program (see 32 CFR part 2002); or
(4) Hardware, systems, devices, software, or services that include embedded or incidental information technology.
FASCSA order means any of the following orders issued under the Federal Acquisition Supply Chain Security Act (FASCSA) requiring the removal of covered articles from executive agency information systems or the exclusion of one or more named sources or named covered articles from executive agency procurement actions, as described in 41 CFR 201–1.303(d) and (e):
(1) The Secretary of Homeland Security may issue FASCSA orders applicable to civilian agencies, to the extent not covered by paragraph (2) or (3) of this definition. This type of FASCSA order may be referred to as a Department of Homeland Security (DHS) FASCSA order.
(2) The Secretary of Defense may issue FASCSA orders applicable to the Department of Defense (DoD) and national security systems other than sensitive compartmented information systems. This type of FASCSA order may be referred to as a DoD FASCSA order.
(3) The Director of National Intelligence (DNI) may issue FASCSA orders applicable to the intelligence community and sensitive compartmented information systems, to the extent not covered by paragraph (2) of this definition. This type of FASCSA order may be referred to as a DNI FASCSA order.
Intelligence community, as defined by 50 U.S.C. 3003(4), means the following—
(1) The Office of the Director of National Intelligence;
(2) The Central Intelligence Agency;
(3) The National Security Agency;
(4) The Defense Intelligence Agency;
(5) The National Geospatial-Intelligence Agency;
(6) The National Reconnaissance Office;
(7) Other offices within the Department of Defense for the collection of specialized national intelligence through reconnaissance programs;
(8) The intelligence elements of the Army, the Navy, the Air Force, the Marine Corps, the Coast Guard, the Federal Bureau of Investigation, the Drug Enforcement Administration, and the Department of Energy;
(9) The Bureau of Intelligence and Research of the Department of State;
(10) The Office of Intelligence and Analysis of the Department of the Treasury;
(11) The Office of Intelligence and Analysis of the Department of Homeland Security; or
(12) Such other elements of any department or agency as may be designated by the President, or designated jointly by the Director of National Intelligence and the head of the department or agency concerned, as an element of the intelligence community.
National security system, as defined in 44 U.S.C. 3552, means any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency—
(1) The function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions, but does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications); or
(2) Is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.
Reasonable inquiry means an inquiry designed to uncover any information in the entity's possession about the identity of any covered articles, or any products or services produced or provided by a source. This applies when the covered article or the source is subject to an applicable FASCSA order. A reasonable inquiry excludes the need to include an internal or third-party audit.
Sensitive compartmented information means classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of National Intelligence.
Sensitive compartmented information system means a national security system authorized to process or store sensitive compartmented information.
Source means a non-Federal supplier, or potential supplier, of products or services, at any tier.
(b) Prohibition. (1) Unless an applicable waiver has been issued by the issuing official, Contractors shall not provide or use as part of the performance of the contract any covered article, or any products or services produced or provided by a source, if the covered article or the source is prohibited by an applicable FASCSA orders as follows:
(i) For solicitations and contracts awarded by a Department of Defense contracting office, DoD FASCSA orders apply.
(ii) For all other solicitations and contracts DHS FASCSA orders apply.
(2) The Contractor shall search for the phrase “FASCSA order” in the System for Award Management (SAM) at https://www.sam.gov to locate applicable FASCSA orders identified in paragraph (b)(1).
(3) The Government may identify in the solicitation additional FASCSA orders that are not in SAM, which are effective and apply to the solicitation and resultant contract.
(4) A FASCSA order issued after the date of solicitation applies to this contract only if added by an amendment to the solicitation or modification to the contract (see FAR 4.2304(c)). However, see paragraph (c) of this clause.
(5)(i) If the contractor wishes to ask for a waiver of the requirements of a new FASCSA order being applied through modification, then the Contractor shall disclose the following:
(A) Name of the product or service provided to the Government;
(B) Name of the covered article or source subject to a FASCSA order;
(C) If applicable, name of the vendor, including the Commercial and Government Entity code and unique entity identifier (if known), that supplied or supplies the covered article or the product or service to the Offeror;
(D) Brand;
(E) Model number (original equipment manufacturer number, manufacturer part number, or wholesaler number);
(F) Item description;
(G) Reason why the applicable covered article or the product or service is being provided or used;
(ii) Executive agency review of disclosures. The contracting officer will review disclosures provided in paragraph (b)(5)(i) to determine if any waiver is warranted. A contracting officer may choose not to pursue a waiver for covered articles or sources otherwise covered by a FASCSA order and to instead pursue other appropriate action.
(c) Notice and reporting requirement. (1) During contract performance, the Contractor Start Printed Page 69516 shall review SAM.gov at least once every three months, or as advised by the Contracting Officer, to check for covered articles subject to FASCSA order(s), or for products or services produced by a source subject to FASCSA order(s) not currently identified under paragraph (b) of this clause.
(2) If the Contractor identifies a new FASCSA order(s) that could impact their supply chain, then the Contractor shall conduct a reasonable inquiry to identify whether a covered article or product or service produced or provided by a source subject to the FASCSA order(s) was provided to the Government or used during contract performance.
(3)(i) The Contractor shall submit a report to the contracting office as identified in paragraph (c)(3)(ii) of this clause, if the Contractor identifies, including through any notification by a subcontractor at any tier, that a covered article or product or service produced or provided by a source was provided to the Government or used during contract performance and is subject to a FASCSA order(s) identified in paragraph (b) of this clause, or a new FASCSA order identified in paragraph (c)(2) of this clause. For indefinite delivery contracts, the Contractor shall report to both the contracting office for the indefinite delivery contract and the contracting office for any affected order.
(ii) If a report is required to be submitted to a contracting office under (c)(3)(i) of this clause, the Contractor shall submit the report as follows:
(A) If a Department of Defense contracting office, the Contractor shall report to the website at https://dibnet.dod.mil.
(B) For all other contracting offices, the Contractor shall report to the Contracting Officer.
(4) The Contractor shall report the following information for each covered article or each product or service produced or provided by a source, where the covered article or source is subject to a FASCSA order, pursuant to paragraph (c)(3)(i) of this clause:
(i) Within 3 business days from the date of such identification or notification:
(A) Contract number;
(B) Order number(s), if applicable;
(C) Name of the product or service provided to the Government or used during performance of the contract;
(D) Name of the covered article or source subject to a FASCSA order;
(E) If applicable, name of the vendor, including the Commercial and Government Entity code and unique entity identifier (if known), that supplied the covered article or the product or service to the Contractor;
(F) Brand;
(G) Model number (original equipment manufacturer number, manufacturer part number, or wholesaler number);
(H) Item description; and
(I) Any readily available information about mitigation actions undertaken or recommended.
(ii) Within 10 business days of submitting the information in paragraph (c)(4)(i) of this clause:
(A) Any further available information about mitigation actions undertaken or recommended.
(B) In addition, the Contractor shall describe the efforts it undertook to prevent submission or use of the covered article or the product or service produced or provided by a source subject to an applicable FASCSA order, and any additional efforts that will be incorporated to prevent future submission or use of the covered article or the product or service produced or provided by a source that is subject to an applicable FASCSA order.
(d) Removal. For Federal Supply Schedules, Governmentwide acquisition contracts, multi-agency contracts or any other procurement instrument intended for use by multiple agencies, upon notification from the Contracting Officer, during the performance of the contract, the Contractor shall promptly make any necessary changes or modifications to remove any product or service produced or provided by a source that is subject to an applicable FASCSA order.
(e) Subcontracts. (1) The Contractor shall insert the substance of this clause, including this paragraph (e) and excluding paragraph (c)(1) of this clause, in all subcontracts and other contractual instruments, including subcontracts for the acquisition of commercial products and commercial services.
(2) The Government may identify in the solicitation additional FASCSA orders that are not in SAM, which are effective and apply to the contract and any subcontracts and other contractual instruments under the contract. The Contractor or higher-tier subcontractor shall notify their subcontractors, and suppliers under other contractual instruments, that the FASCSA orders in the solicitation that are not in SAM apply to the contract and all subcontracts.
Alternate I ( DEC 2023 ). As prescribed in 4.2306(c), substitute the following paragraph (b)(1) for paragraph (b)(1) of the basic clause:
(b) Prohibition. (1) Contractors are prohibited from providing or using as part of the performance of the contract any covered article, or any products or services produced or provided by a source, if the covered article or the source is prohibited by any applicable FASCSA orders identified by the checkbox(es) in this paragraph (b)(1).
[ Contracting Officer must select either “yes” or “no” for each of the following types of FASCSA orders:]
Yes ☐ No ☐ DHS FASCSA Order
Yes ☐ No ☐ DoD FASCSA Order
Yes ☐ No ☐ DNI FASCSA Order
Alternate II ( DEC 2023 ). As prescribed in 4.2306(c)(2)(ii), substitute the following paragraph (b) in place of paragraph (b) of the basic clause. This clause applies to each order as identified by the Contracting Officer.
(b) Prohibition. (1) Contractors are prohibited from providing or using as part of the performance of the contract any covered article, or any products or services produced or provided by a source, if the covered article or the source is prohibited by any applicable FASCSA orders identified by the checkbox(es) in this paragraph (b)(1).
[ Contracting Officer must select either “yes” or “no” for each of the following types of FASCSA orders:]
Yes ☐ No ☐ DHS FASCSA order
Yes ☐ No ☐ DoD FASCSA order
Yes ☐ No ☐ DNI FASCSA order
(2) The Contractor shall search for the phrase “FASCSA order” in the System for Award Management (SAM) at https://www.sam.gov to locate applicable FASCSA orders identified in paragraph (b)(1) of this clause.
(3) The Government may identify in the request for quotation (RFQ) or in the notice of intent to place an order additional FASCSA orders that are not in SAM, but are effective and apply to the order.
(4) A FASCSA order issued after the date of the RFQ or the notice of intent to place an order applies to this contract only if added by an amendment to the RFQ or in the notice of intent to place an order or added by modification to the order (see FAR 4.2304(c)). However, see paragraph (c) of this clause.
(5)(i) If the contractor wishes to ask for a waiver, the Contractor shall disclose the following:
(A) Name of the product or service provided to the Government;
(B) Name of the covered article or source subject to a FASCSA order;
(C) If applicable, name of the vendor, including the Commercial and Government Entity code and unique entity identifier (if known), that supplied the covered article or the product or service to the Offeror;
(D) Brand;
(E) Model number (original equipment manufacturer number, manufacturer part number, or wholesaler number);
(F) Item description;
(G) Reason why the applicable covered article or the product or service is being provided or used;
(ii) Executive agency review of disclosures. The contracting officer will review disclosures provided in paragraph (b)(5)(i) of this clause to determine if any waiver may be sought. A contracting officer may choose not to pursue a waiver for covered articles or sources otherwise covered by a FASCSA order and may instead make award to an offeror that does not require a waiver.
(End of clause)
12. Amend section 52.212–5 by—
End Amendment Part Start Amendment Parta. Revising the date of the clause;
End Amendment Part Start Amendment Partb. Removing from paragraph (a)(2) “Lab and Other Covered Entities (NOV 2021)” and adding “Lab Covered Entities ( DEC 2023 )” in its place;
End Amendment Part Start Amendment Partc. Redesignating paragraphs (b)(9) through (64) as paragraphs (b)(11) through (66) and adding new paragraphs (b)(9) and (10);
End Amendment Part Start Amendment Partd. Removing from paragraph (e)(1)(iii) “Lab and Other Covered Entities (NOV 2021)” and adding “Lab Covered Entities ( DEC 2023 )” in its place;
End Amendment Part Start Amendment Parte. Redesignating paragraphs (e)(1)(vi) through (xxiv) as paragraphs (e)(1)(vii) through (xxv) and adding a new paragraph (e)(1)(vi); and
End Amendment Part Start Amendment Partf. In Alternate II— Start Printed Page 69517
End Amendment Part Start Amendment Parti. Revising the date of the alternate;
End Amendment Part Start Amendment Partii. Removing from paragraph (e)(1)(ii)(C) “Lab and Other Covered Entities (NOV 2021)” and adding “Lab Covered Entities ( DEC 2023 )” in its place; and
End Amendment Part Start Amendment Partiii. Redesignating paragraphs (e)(1)(ii)(F) through (W) as paragraphs (e)(1)(ii)(G) through (X) and adding a new paragraph (e)(1)(ii)(F).
End Amendment PartThe revisions and additions read as follows:
Contract Terms and Conditions Required To Implement Statutes or Executive Orders—Commercial Products and Commercial Services.* * * * *Contract Terms and Conditions Required To Implement Statutes or Executive Orders—Commercial Products and Commercial Services ( DEC 2023 )
(b) * * *
__(9) 52.204–28, Federal Acquisition Supply Chain Security Act Orders—Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts. ( DEC 2023 ) (Pub. L. 115–390, title II).
__(10)(i) 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition. ( DEC 2023 ) (Pub. L. 115–390, title II).
__(ii) Alternate I ( DEC 2023 ) of 52.204–30.
* * * * *(e)(1) * * *
(vi)(A) 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition. ( DEC 2023 ) (Pub. L. 115–390, title II).
(B) Alternate I ( DEC 2023 ) of 52.204–30.
* * * * *Alternate II. ( DEC 2023 ) * * *
(e)(1) * * *
(ii) * * *
(F)( 1) 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition. ( DEC 2023 ) (Pub. L. 115–390, title II).
( 2) Alternate I ( DEC 2023 ) of 52.204–30.
* * * * *13. Amend section 52.213–4 by—
End Amendment Part Start Amendment Parta. Revising the date of the clause;
End Amendment Part Start Amendment Partb. Removing from paragraph (a)(1)(ii) “Lab and Other Covered Entities (NOV 2021)” and adding “Lab Covered Entities ( DEC 2023 )” in its place;
End Amendment Part Start Amendment Partc. Redesignating paragraphs (a)(1)(v) through (xi) as paragraphs (a)(1)(vi) through (xii) and adding a new paragraph (a)(1)(v); and
End Amendment Part Start Amendment Partd. Removing from paragraph (a)(2)(vii) “(SEP 2023)” and adding “( DEC 2023 )” in its place.
End Amendment PartThe revision and addition read as follows:
Terms and Conditions-Simplified Acquisitions (Other Than Commercial Products and Commercial Services).* * * * *Terms and Conditions-Simplified Acquisitions (Other Than Commercial Products and Commercial Services) ( DEC 2023)
* * * * *(a) * * *
(1) * * *
(v) 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition. ( DEC 2023 ) (Pub. L. 115–390, title II).
* * * * *Start Amendment Part14. Amend section 52.244–6 by—
End Amendment Part Start Amendment Parta. Revising the date of the clause;
End Amendment Part Start Amendment Partb. Removing from paragraph (c)(1)(v) “Lab and Other Covered Entities (NOV 2021)” and adding “Lab Covered Entities ( Dec 2023 ) in its place; and
End Amendment Part Start Amendment Partc. Redesignating paragraphs (c)(1)(viii) through (xxi) as paragraphs (c)(1)(ix) through (xxii) and adding a new paragraph (c)(1)(viii) in its place.
End Amendment PartThe revision and addition read as follows:
Subcontracts for Commercial Products and Commercial Services.* * * * *Subcontracts for Commercial Products and Commercial Services ( DEC 2023 )
* * * * *(c)(1) * * *
(viii)(A) 52.204–30, Federal Acquisition Supply Chain Security Act Orders—Prohibition. ( DEC 2023 ) (Pub. L. 115–390, title II).
(B) Alternate I ( DEC 2023 ) of 52.204–30.
* * * * *End Supplemental Information[FR Doc. 2023–21320 Filed 10–4–23; 8:45 am]
BILLING CODE 6820–14–P
Document Information
- Effective Date:
- 12/4/2023
- Published:
- 10/05/2023
- Department:
- National Aeronautics and Space Administration
- Entry Type:
- Rule
- Action:
- Interim rule.
- Document Number:
- 2023-21320
- Dates:
- Effective date: December 4, 2023.
- Pages:
- 69503-69517 (15 pages)
- Docket Numbers:
- FAC 2023-06, FAR Case 2020-011, Item I, Docket No. FAR-2020-0011, Sequence No. 1
- RINs:
- 9000-AO13: Federal Acquisition Regulation (FAR); FAR Case 2020-011, Implementation of FASC Exclusion Orders
- RIN Links:
- https://www.federalregister.gov/regulations/9000-AO13/federal-acquisition-regulation-far-far-case-2020-011-implementation-of-fasc-exclusion-orders
- Topics:
- Government procurement
- PDF File:
- 2023-21320.pdf
- CFR: (21)
- 48 CFR 52.213–4
- 48 CFR 52.212–5
- 48 CFR 52.244–6
- 48 CFR 52.204–23
- 48 CFR 52.204–28
- More ...