PURCHASE ORDER TERMS AND CONDITIONS FOR
GOVERNMENT CONTRACTS COVERED BY FEDERAL
ACQUISITION REGULATIONS (FAR)
Pursuant to paragraph 26 of L-3 Communications Combat Propulsion Systems Purchase Order Terms and Conditions, this order is issued under a United States
Government Department of Defense prime contract or subcontract, and the regulations of the below identified clauses set forth in the Federal Acquisition
Regulations (FAR) or DOD FAR Supplement (DFAR) in effect on the date of this order are incorporated herein by reference, it being understood that as used
therein, the terms “Government” and “Contracting Officer” shall be deemed to mean buyer, “Contractor” seller, and “Contract” this purchase order or subcontract.
Available Sites as of this revision: FAR = https://www.acquisition.gov/far/ DFAR = http://farsite.hill.af.mil/VFDFARA.HTM or http://www.acq.osd.mil/dpap/sitemap.html
1) 52.202-1 Definitions
2) 52.203-3 Gratuities
3) 52.203-5 Covenant Against Contingent Fees
4) 52.203-6 Restrictions on Subcontractor Sales to the Government.
5) 52.203-7 Anti-Kickback Procedures.
6) 52.203-8 Cancellation, Rescission and Recovery of Funds for Illegal or
Improper Activity
7) 52.203-10 Price or Fee Adjustment for Illegal or Improper Activity
8) 52.203-11 Certification and Disclosure Regarding Payments to
Influence Certain Federal Transactions.
9) 52.203-12 Limitation of Payments to Influence Certain Federal
Transactions.
10) 52.203-13 Contractor Code of Business Ethics and Conduct (5M+)
11) 52.203-14 Display of Hotline Poster(s) (5M+)
12) 52.203-16 Preventing Personal Conflicts of Interest
13) 52.204-2 Security Requirements.
14) 52.204-4 Printed or Copied Double-sided on Recycled Paper.
15) 52.204-7 Central Contractor Registration.
16) 52.204-9 Personal Identity Verification of Contractor Personnel
17) 52.208-9 Contractor Use of Mandatory Sources of Supply or Services.
18) 52.209-5 Certification Regarding Debarment, Suspension, Proposed
Debarment and Other Responsibility Matters.
19) 52.209-6 Protecting the Government’s Interest when Subcontracting
with Contractor’s Debarred, Suspended, or Proposed for Debarment.
20) 52.211-5 Material Requirements.
21) 52.211-15 Defense Priority and Allocation Requirements.
22) 52.214-26 Audit and Records-Sealed Bidding.
23) 52.214-27 Price Reduction for Defective Cost or Pricing Data-Modification-Sealed Bidding.
24) 52.214-28 Subcontractor Cost or Pricing Data-Modifications-Sealed
Bidding.
25) 52.215-2 Audit and Records-Negotiation.
26) 52.215-8 Order of Precedence – Uniform Contract Format.
27) 52.215-10 Price Reduction for Defective Cost or Pricing Data.
28) 52.215-11 Price Reduction for Defective Cost or Pricing Data-Modifications.
29) 52.215-12 Subcontractor Cost or Pricing Data.
30) 52.215-13 Subcontractor Cost or Pricing Data - Modifications.
31) 52.215-14 Integrity of Unit Prices.
32) 52.215-14 Integrity of Unit Prices Alt 1
33) 52.215-15 Pension Adjustments and Asset Reversions.
34) 52.215-18 Reversion or Adjustment of Plans for Postretirement
Benefits (PRB) Other than Pensions.
35) 52.215-19 Notification of Ownership Changes
36) 52.216-5 Price Redetermination Prospective.
37) 52.216-16 Incentive Price Revision - Firm Target.
38) 52.216-17 Incentive Price Revision - Successive Targets.
39) 52.216-21 Requirements
40) 52.219-8 Utilization of Small Business Concerns.
41) 52.219-9 Small Business Subcontracting Plan
42) 52.219-9 Small Business Subcontracting Plan Alt II
43) 52.219-10 Incentive Subcontracting Program (This clause only applies
if 52.219-9 applies)
44) 52.219-16 Liquidated Damages – Subcontracting Plan (This clause
only applies if 52.219-9 applies)
45) 52.222-1 Notice to Government of Labor Disputes.
46) 52.222-4 Contract Work Hours and Safety Standards Act-Overtime
Compensation.
47) 52.222-6 Davis Bacon Act.
48) 52.222-7 Withholding of Funds.
49) 52.222-8 Payrolls and Basic Records.
50) 52.222-9 Apprentices and Trainees.
51) 52.222-10 Compliance with Copeland Act Requirement.
52) 52.222-11 Subcontracts (Labor Standards).
53) 52.222-12 Contract Termination-Debarment.
54) 52.222-13 Compliance with Davis Bacon and Related Regulation Act.
26-002-0028 (11202013)
55) 52.222-14 Disputes Concerning Labor Standards.
56) 52.222-15 Certification of Eligibility.
57) 52.222-16 Approval of Wage Rates.
58) 52.222-19 Child Labor – Cooperation with Authorities and Remedies.
59) 52.222-20 Walsh Healy Public Contracts Act.
60) 52.222-21 Prohibition of Segregated Facilities
61) 52.222-26 Equal Opportunity.
62) 52.222-35 Equal Opportunity for Special Disabled Veterans, Veterans
of the Vietnam Era, and Other Eligible Veterans.
63) 52.222-36 Affirmative Action for Workers with Disabilities.
64) 52.222-37 Employment Reports on Special Disabled Veterans,
Veterans of the Vietnam Era, and Other Eligible Veterans.
65) 52.222-39 Notification of Employee Rights Concerning Payment of
Union Dues or Fees
66) 52.222-41 Service Contract Act of 1965, as amended.
67) 52.222-50 Combating Trafficking in Persons
68) 52.223-1 [Reserved] (Was Clean Air and Water Certification).
69) 52.223-2 [Reserved] (Was Clean Air and Water).
70) 52.223-3 Hazardous Material Identification and Material Safety Data.
71) 52.223-5 Pollution Prevention and Right to know Information
72) 52.223-6 Drug Free Workplace
73) 52.223-7 Notice of Radioactive Material.
74) 52.223-10 Waste Reduction Program
75) 52.223-11 Ozone-Depleting Substances.
76) 52.224-2 Privacy Act.
77) 52.225-1 Buy American Act - Balance of Payments Program-Supplies
78) 52.225-3 Buy American Act – North American Free Trade Agreement
Israeli Trade Act – Balance of Payments Program
79) 52.228-7 Insurance - Liability to third parties
80) 52.225-8 Duty Free Entry.
81) 52.225-13 Restrictions on Certain Foreign Purchases.
82) 52.227-1 Authorization and Consent Infringement.
83) 52.227-2 Notice and Assistance Regarding Patent and Copyright
Infringement.
84) 52.227-3 Patent Indemnity
85) 52.227-9 Refund of Royalties.
86) 52.227-10 Filing of Patent Applications - Classified Subject Matter.
87) 52.227-11 Patent Rights-Retention by the Contractor (Short Form).
88) 52.227-12 Patent Rights-Retention by the Contractor (Long Form).
89) 52.227-13 Patent Rights-Acquisition by the Government.
90) 52.228-3 Workers’ Compensation Insurance (Defense Base Act).
91) 52.228-4 Worker’s Compensation and War-Hazard Insurance
Overseas
92) 52.228-5 Insurance-Work on a Government Installation.
93) 52.229-4 Federal, State, and Local Taxes (State and Local
Adjustments) (Noncompetitive Contract).
94) 52.229-6 Taxes – Foreign Fixed-Price Contracts.
95) 52.230-2 Cost Accounting Standards.
96) 52.230-3 Disclosure and Consistency of Cost Accounting Practices.
97) 52.230-6 Administration of Cost Accounting Standards.
98) 52.232-1 Payments.
99) 52.232-8 Discounts for Prompt Payment.
100) 52.232-9 Limitation on Withholding of Payments.
101) 52.232-11 Extras
102) 52.232-16 Progress Payments (Alt I - applies Sm Bus only)
103) 52.232-16 Progress Payments (Alternate II)
104) 52.232-17 Interest.
105) 52.232-20 Limitation of Cost
106) 52.232-23 Assignment of Claims. (Alternate I version dated April 1984)
107) 52.232-25 Prompt Payment.
108) 52.232-25 Prompt Payment Alt 1
109) 52.232-33 Payment by Electronic Funds Transfer – Central Contractor
Registration
110) 52.233-1 Disputes.
111) 52.233-1 Disputes Alt 1
112) 52.233-3 Protest After Award.
113) 52.233-4 Applicable Law for Breach of Contract Claim.
114) 52.234-1 Industrial Resources developed under Defense Production
Act Title III
115) 52.239-1 Privacy or Security Safeguards.
116) 52.242-1 Notice of Intent of Disallowable Costs
117) 52.242-2 Production Progress Reports
118) 52.242-4 Certification of Final Indirect Costs.
119) 52.242-13 Bankruptcy
120) 52.242-15 Stop Work Order.
121) 52.242-17 Government Delay of Work
122) 52.243-1 Changes -- Fixed-Price
123) 52.243-6 Change Order Accounting
124) 52.243-7 Notification of Changes.
125) 52.244-2 Subcontracts.
126) 52.244-5 Competition in Subcontracting.
127) 52.244-6 Subcontracts for Commercial Items.
128) 52.245-1 Government Property (Deviation) DARS Tracking #2007O0012
129) 52.245-2 Government Property (Fixed Price Contracts).
130) 52.245-4 Government-Furnished Property (Short Form) (Applicable if
acquisition cost of GFP is less than SAT.)
131) 52.245-9 Use and Changes
132) 52.245-17 Special Tooling.
133) 52.245-18 Special Test Equipment.
134) 52.245-19 Government Property Furnished “As Is”.
135) 52.246-2 Inspection of Supplies - Fixed Price Alt 1
136) 52.246-3 Inspection of Supplies-Cost-Reimbursement.
137) 52.246-5 Inspection of Services-Cost-Reimbursement.
138) 52.246-16 Responsibility for Supplies.
139) 52.246-23 Limitation of Liability.
140) 52.246-24 Limitation of Liability - High Value Items.
141) 52.246-25 Limitation of Liability-Services.
142) 52.246-4026 Local Addresses for DD form 250 and WAWF Receiving
Reports
143) 52.247-1 Commercial Bill of Lading Notations
144) 52.247-63 Preference for U.S. - Flag Air Carriers.
145) 52.247-64 Preference for Privately Owned U.S.-Flag Commercial
Vessels.
146) 52.247-68 Report of Shipment (Reship).
147) 52.247-4016 Heat Treatment and Marking of Wood Packaging
Materials
148) 52.248-1 Value Engineering.
149) 52.248-3 Value Engineering-Construction.
150) 52.249-2 Termination for Convenience of the Government (Fixed-Price).
151) 52.249-6 Termination (Cost Reimbursement)
152) 52.249-8 Default (Fixed-Price Supply and Service).
153) 52.249-14 Excusable Delays
154) 52.252-6 Authorized Deviations in Clauses.
155) 52.253-1 Computer Generated Forms
156) 252.203-7001 Prohibition on Persons Convicted of Fraud or Other
Defense – Contract – Related Felonies.
157) 252.203-7002 Requirement to Inform Employees of Whistleblower
Rights **see full text separate page
158) 252.204-7000 Disclosure of Information
159) 252.204-7003 Control of Government Personnel Work Product.
160) 252.204-7008 Requirements for Contracts Involving Export Controlled Items
161) 252.204-7012 Safeguarding Unclassified Controlled Technical
Information ** see full text separate page
162) 252.205-7000 Provision of Information to Cooperative Agreement
Holders.
163) 252.209-7000 Acquisition from Subcontractors Subject to On-Site
Inspection under the Intermediate-Range Nuclear Forces (INF) Treaty.
164) 252.209-7004 Subcontracting with Firms that Are Owned or Controlled
by the Government of a Terrorist Country per DoD interim rule, Federal
Register 27 March 1998
165) 252.211-7000 Acquisition Streamlining
166) 252.211-7003 Item Identification and Valuation Alt 1
167) 252.211-7005 Substitutions for Military or Federal Specifications and
Standards.
168) 252.215-7000 Pricing Adjustments.
169) 252.215-7002 Cost Estimating System Requirements.
170) 252.219-7003 Small Business Subcontracting Plan (DoD Contracts).
171) 252.217-7026 Identification of Sources Supply.
172) 252.223-7001 Hazard Warning Labels.
173) 252.223-7004 Drug Free Work Force
174) 252.223-7006 Prohibition on Storage and Disposal of Toxic and
Hazardous Materials
175) 252.225-7002 Qualifying Country Sources as Subcontractors.
176) 252.225-7004 Report of Intended Performance Outside the United
States and Canada - Submission After Award.
177) 252.225-7006 Quarterly Reporting of Actual Contract Performance
Outside the United States.
178) 252.225-7009 Duty-Free Entry - Qualifying Country Products and
Supplies (End Products and Components).
179) 252.225-7010 Duty-Free Entry - Additional Provisions.
180) 252.225-7012 Preference for Certain Domestic Commodities.
181) 252.225-7013 Duty-Free Entry
182) 252.225-7014 “Alternate 1” Preference for Domestic Specialty Metals.
183) 252.225-7015 Restriction on Acquisition of Hand or Measuring Tools.
184) 252.225-7016 Restriction on Acquisition of Ball and Roller Bearings.
185) 252.225-7021 Trade Agreements
186) 252.225-7025 Restriction on Acquisition of Forgings.
187) 252.225-7026 Reporting of Contract Performance Outside the United
States.
188) 252.225-7030 Restriction of Acquisition of Carbon, Alloy and Armor
Steel Plate
189) 252.225-7031 Secondary Arab Boycott of Israel.
190) 252.225-7033 Waiver of United Kingdom Levies.
191) 252.225-7041 Correspondence in English.
192) 252.225-7042 Authorization to Perform.
193) 252.225-7043 Antiterrorism/Force Protection for Defense Contractors
Outside the US
194) 252.226-7001 Utilization of Indian Organizations, Indian-Owned
Economic Enterprises, and Native Hawaiian Small Business Concerns.
195) 252.227-7013 Rights in Technical Data-Noncommercial Item.
196) 252.227-7014 Rights in Noncommercial computer software and
noncommercial computer software documentation
197) 252.227-7015 Technical Data - Commercial Items
198) 252.227-7016 Rights in Bid or Proposal Information.
199) 252.227-7017 Identification and Assertion of Use, Release, or
Disclosure Restrictions.
200) 252.227-7019 Validation of Asserted Restrictions - Computer Software
201) 252.227-7025 Limitations on the use or disclosure of Government
Furnished information marked with Restrictive Legends
202) 252.227-7027 Deferred Ordering of Technical Data or Computer
Software
203) 252.227-7030 Technical Data-Withholding of Payment.
204) 252.227-7034 Patents-Subcontracts.
205) 252.227-7037 Validation of Restrictive Markings on Technical Data.
206) 252.229-7006 Value Added Tax Exclusion (United Kingdom)
207) 252.231-7000 Supplemental Cost Principles.
208) 252.232-7004 DoD Progress Payment Rates.
209) 252.232-7010 Levies on Contract Payments.
210) 252.235-7003 Frequency Authorization.
211) 252.239-7016 Telecommunications Security Equipment Devices,
Techniques and Services.
212) 252.239-7017, Notice of Supply Chain Risk ** see full text separate pg
213) 252.239-7018, Supply Chain Risk ** see full text separate page
214) 252.242-7003 Application for U.S. Government Shipping
Documentation/Instructions.
215) 252.242-7004 Material Management and Accounting System.
216) 252.243-7001 Pricing of Contract Modifications.
217) 252.243-7002 Requests for Equitable Adjustment.
218) 252.244-7000 Subcontracts for Commercial Items and Commercial
Components (DoD Contracts)
219) 252.246-7000 Material Inspection and Receiving Report.
220) 252.246-7001 Warranty of Data.
221) 252.246-7003 Notification of Potential Safety Issues
222) 252.247-7023 Transportation of Supplies by Sea.
223) 252.247-7024 Notification of Transportation of Supplies by Sea.
224) 252.249-7002 Notification of Anticipated Contract Termination or
Reduction.
FAR SUBPART 22.4 Labor Standards for Contracts Involving Construction.
Seller agrees that all supplies and services herein ordered will be manufactured or performed and furnished in accordance with all applicable requirements of the
statutes referenced in this rider and they are hereby incorporated by reference all representations and stipulations required by said statutes and the regulations
issued thereunder by the Secretary of Labor, whose applicable rulings and interpretations are binding on seller:
(1) Davis Bacon Act (Act of March 3, 1931, as amended; 40 U.S. Code 276a).
(2) Copeland Act (18 U.S. Code 276c: 48 USC 8 74: 40 USC 276c).
(3) Walsh Healy Public Contracts Act (41 USC 34-45).
(4) Service Contract Act (41 USC 351).
(5) Contract Work Hours and Safety Standards Act (40 USC 376-333).
Acknowledgment of purchase orders/subcontracts issued as the result of a United States Government prime contract or subcontract shall be in accordance with
the provisions of the Defense Priorities and Allocations Systems Regulation (15 CFR Part 700) governing rated orders. Failure to provide acknowledgment within
the allotted time frame and in manner prescribed therein shall constitute acceptance of the order/subcontract and all terms and conditions set forth therein.
**The following clauses are incorporated in full text and will be flowed to suppliers at all tiers:
252.239-7018 Supply Chain Risk.
As prescribed in 239.7306(b), use the following clause: SUPPLY CHAIN RISK (NOV 2013)
(a) Definitions. As used in this clause–
“Information technology” (see 40 U.S.C 11101(6)) means, in lieu of the definition at FAR 2.1, any equipment, or interconnected system(s) or
subsystem(s) of equipment, that is used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement,
control, display, switching, interchange, transmission, or reception of data or information by the agency.
(1) For purposes of this definition, equipment is used by an agency if the equipment is used by the agency directly or is used by a contractor
under a contract with the agency that requires—
(i) Its use; or
(ii) To a significant extent, its use in the performance of a service or the furnishing of a product.
(2) The term “information technology” includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices
necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software,
firmware and similar procedures, services (including support services), and related resources.
(3) The term “information technology” does not include any equipment acquired by a contractor incidental to a contract.
“Supply chain risk,” means the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design,
integrity, manufacturing, production, distribution, installation, operation, or maintenance of a national security system (as that term is defined at
44 U.S.C. 3542(b)) so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system.
(b) The Contractor shall maintain controls in the provision of supplies and services to the Government to minimize supply chain risk.
(c) In order to manage supply chain risk, the Government may use the authorities provided by section 806 of Pub. L. 111-383. In exercising
these authorities, the Government may consider information, public and non-public, including all-source intelligence, relating to a Contractor’s
supply chain.
(d) If the Government exercises the authority provided in section 806 of Pub. L. 111-383 to limit disclosure of information, no action undertaken
by the Government under such authority shall be subject to review in a bid protest before the Government Accountability Office or in any Federal
court.
(e) The Contractor shall include the substance of this clause, including this paragraph (e), in all subcontracts involving the development or
delivery of any information technology, whether acquired as a service or as a supply.
(End of clause)
252.204-7012 Safeguarding of Unclassified Controlled Technical Information.
As prescribed in 204.7303, use the following clause: SAFEGUARDING OF UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION (NOV 2013)
(a) Definitions. As used in this clause—
Adequate security means protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized
access to, or modification of information.
Attribution information means information that identifies the Contractor, whether directly or indirectly, by the grouping of information that can be
traced back to the Contractor (e.g., program description or facility locations).
Compromise means disclosure of information to unauthorized persons, or a violation of the security policy of a system, in which unauthorized
intentional or unintentional disclosure, modification, destruction, or loss of an object, or the copying of information to unauthorized media may
have occurred.
Contractor information system means an information system belonging to, or operated by or for, the Contractor.
Controlled technical information means technical information with military or space application that is subject to controls on the access, use,
reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information is to be marked with one
of the distribution statements B-through-F, in accordance with DoD Instruction 5230.24, Distribution Statements on Technical Documents. The
term does not include information that is lawfully publicly available without restrictions.
Cyber incident means actions taken through the use of computer networks that result in an actual or potentially adverse effect on an information
system and/or the information residing therein.
Exfiltration means any unauthorized release of data from within an information system. This includes copying the data through covert network
channels or the copying of data to unauthorized media.
Media means physical devices or writing surfaces including, but is not limited to, magnetic tapes, optical disks, magnetic disks, large-scale
integration memory chips, and printouts onto which information is recorded, stored, or printed within an information system.
Technical information means technical data or computer software, as those terms are defined in the clause at DFARS 252.227-7013, Rights in
Technical Data-Non Commercial Items, regardless of whether or not the clause is incorporated in this solicitation or contract. Examples of
technical information include research and engineering data, engineering drawings, and associated lists, specifications, standards, process
sheets, manuals, technical reports, technical orders, catalog-item identifications, data sets, studies and analyses and related information, and
computer software executable code and source code.
(b) Safeguarding requirements and procedures for unclassified controlled technical information. The Contractor shall provide adequate security
to safeguard unclassified controlled technical information from compromise. To provide adequate security, the Contractor shall—
(1) Implement information systems security in its project, enterprise, or company-wide unclassified information technology system(s) that may
have unclassified controlled technical information resident on or transiting through them. The information systems security program shall
implement, at a minimum—
(i) The specified National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 security controls identified in
the following table; or
(ii) If a NIST control is not implemented, the Contractor shall submit to the Contracting Officer a written explanation of how—
(A) The required security control identified in the following table is not applicable; or
(B) An alternative control or protective measure is used to achieve equivalent protection.
(2) Apply other information systems security requirements when the Contractor reasonably determines that information systems security
measures, in addition to those identified in paragraph (b)(1) of this clause, may be required to provide adequate security in a dynamic
environment based on an assessed risk or vulnerability.
Table 1 -- Minimum Security Controls for Safeguarding
Minimum required security controls for unclassified controlled technical information requiring safeguarding in accordance with paragraph (d) of
this clause. (A description of the security controls is in the NIST SP 800-53, “Security and Privacy Controls for Federal Information Systems and
Organizations” (http://csrc.nist.gov/publications/PubsSPs.html).)
Access Control: AC-2, AC-3(4), AC-4, AC-6, AC-7, AC-11(1), AC-17(2), AC-18(1), AC-19, AC-20(1), AC-20(2), AC-22
Awareness & Training: AT-2
Audit & Accountability: AU-2, AU-3, AU-6(1), AU-7, AU-8, AU-9
Configuration Management: CM-2, CM-6, CM-7, CM-8
Contingency Planning: CP-9
Identification and Authentication: IA-2, IA-4, IA-5(1)
Incident Response: IR-2, IR-4, IR-5, IR-6
Maintenance: MA-4(6), MA-5, MA-6
Media Protection: MP-4, MP-6
Physical and Environmental Protection: PE-2, PE-3, PE-5
Program Management: PM-10
Risk Assessment: RA-5
System & Comm Protection: SC-2, SC-4, SC-7, SC-8(1), SC-13, SC-15, SC-28
System & Information Integrity: SI-2, SI-3, SI-4
Legend:
AC: Access Control
AT: Awareness and Training
AU: Auditing and Accountability
CM: Configuration Management
CP: Contingency Planning
IA: Identification and Authentication
IR: Incident Response
MA: Maintenance
MP: Media Protection
PE: Physical & Environmental Protection
PM: Program Management
RA: Risk Assessment
SC: System & Communications Protection
SI: System & Information Integrity
(c) Other requirements. This clause does not relieve the Contractor of the requirements specified by applicable statutes or other Federal and
DoD safeguarding requirements for Controlled Unclassified Information (CUI) as established by Executive Order 13556, as well as regulations
and guidance established pursuant thereto.
(d) Cyber incident and compromise reporting.
(1) Reporting requirement. The Contractor shall report as much of the following information as can be obtained to the Department of Defense via
(http://dibnet.dod.mil/) within 72 hours of discovery of any cyber incident, as described in paragraph (d)(2) of this clause, that affects unclassified
controlled technical information resident on or transiting through the Contractor’s unclassified information systems:
(i) Data Universal Numbering System (DUNS).
(ii) Contract numbers affected unless all contracts by the company are affected.
(iii) Facility CAGE code if the location of the event is different than the prime Contractor location.
(iv) Point of contact if different than the POC recorded in the System for Award Management (address, position, telephone, email).
(v) Contracting Officer point of contact (address, position, telephone, email).
(vi) Contract clearance level.
(vii) Name of subcontractor and CAGE code if this was an incident on a Sub-contractor network.
(viii) DoD programs, platforms or systems involved.
(ix) Location(s) of compromise.
(x) Date incident discovered.
(xi) Type of compromise (e.g., unauthorized access, inadvertent release, other).
(xii) Description of technical information compromised.
(xiii) Any additional information relevant to the information compromise.
(2) Reportable cyber incidents. Reportable cyber incidents include the following:
(i) A cyber incident involving possible exfiltration, manipulation, or other loss or compromise of any unclassified controlled technical
information resident on or transiting through Contractor’s, or its subcontractors’, unclassified information systems.
(ii) Any other activities not included in paragraph (d)(2)(i) of this clause that allow unauthorized access to the Contractor’s unclassified
information system on which unclassified controlled technical information is resident on or transiting.
(3) Other reporting requirements. This reporting in no way abrogates the Contractor’s responsibility for additional safeguarding and cyber
incident reporting requirements pertaining to its unclassified information systems under other clauses that may apply to its contract, or as a result
of other U.S. Government legislative and regulatory requirements that may apply (e.g., as cited in paragraph (c) of this clause).
(4) Contractor actions to support DoD damage assessment. In response to the reported cyber incident, the Contractor shall—
(i) Conduct further review of its unclassified network for evidence of compromise resulting from a cyber incident to include, but is not
limited to, identifying compromised computers, servers, specific data and users accounts. This includes analyzing information systems
that were part of the compromise, as well as other information systems on the network that were accessed as a result of the
compromise;
(ii) Review the data accessed during the cyber incident to identify specific unclassified controlled technical information associated with
DoD programs, systems or contracts, including military programs, systems and technology; and
(iii) Preserve and protect images of known affected information systems and all relevant monitoring/packet capture data for at least 90
days from the cyber incident to allow DoD to request information or decline interest.
(5) DoD damage assessment activities. If DoD elects to conduct a damage assessment, the Contracting Officer will request that the
Contractor point of contact identified in the incident report at (d)(1) of this clause provide all of the damage assessment information
gathered in accordance with paragraph (d)(4) of this clause. The Contractor shall comply with damage assessment information
requests. The requirement to share files and images exists unless there are legal restrictions that limit a company's ability to share
digital media. The Contractor shall inform the Contracting Officer of the source, nature, and prescription of such limitations and the
authority responsible.
(e) Protection of reported information. Except to the extent that such information is lawfully publicly available without restrictions, the Government
will protect information reported or otherwise provided to DoD under this clause in accordance with applicable statutes, regulations, and policies.
The Contractor shall identify and mark attribution information reported or otherwise provided to the DoD. The Government may use information,
including attribution information and disclose it only to authorized persons for purposes and activities consistent with this clause.
(f) Nothing in this clause limits the Government’s ability to conduct law enforcement or counterintelligence activities, or other lawful activities in
the interest of homeland security and national security. The results of the activities described in this clause may be used to support an
investigation and prosecution of any person or entity, including those attempting to infiltrate or compromise information on a contractor
information system in violation of any statute.
(g) Subcontracts. The Contractor shall include the substance of this clause, including this paragraph (g), in all subcontracts, including
subcontracts for commercial items.
(End of clause)