l-3 letterhead csw - L
advertisement
Communication Systems-West 640 North 2200 West P.O. Box 16850 Salt Lake City, UT 84116 801-594-2000 Fax: 801-594-2127 GENERAL TERMS AND CONDITIONS This document, together with the attachments appended hereto constitutes the Terms and Conditions for the Subcontract between the parties, and acceptance is strictly limited to the terms and conditions contained herein. Additional or differing terms, conditions or limitations of liability proposed by the Seller, whether in a quote, acceptance or delivery document shall have no effect unless accepted in writing by Buyer. In particular, any limitation of liability or disclaimer of warranty is expressly rejected. Agreement by Seller to furnish the goods or services to these terms and conditions, or Seller’s commencement of such performance or acceptance of payment shall constitute acceptance by Seller of these Terms and Conditions. If any of the clauses are not applicable by their terms they shall be self-deleting. 1. FIRST ARTICLE INSPECTION A 100% dimensional "First Article" inspection report, test report, (if required) and certification of compliance, must accompany each first time shipment of any PWB, metal fabrication, machined, electrical part or assembly built to Buyer’s specifications, unless otherwise instructed by the inspection codes listed below. Such reports and certifications must have the signature of the person verifying the compliance to all of the associated part requirements. 2. FOREIGN CORRUPT PRACTICES ACT Subcontractor agrees in writing not to interact with a foreign government political party or public international organization on behalf of L-3 Communications Corporation or Communications Systems-West Division without prior written permission. 3. MERCURY CONTAMINATION Mercury content of article furnished under this order shall not exceed the OSHA permissible exposure level. 4. NAME CHANGES L-3 Communications through acquisition and merger has had several previous affiliations. Any drawing or document reference to Sperry, Unisys, Paramax, Loral, or Lockheed Martin should be interpreted as L-3 Communications. 5. FURNISHED MATERIALS/LIABILITY If one or more items of Government property (SEE FAR 45.101) are furnished in support of this contract, the supplied items shall be subject to the monitoring and reporting requirements of L-3 Communications Systems-West Procedure "Subcontract Control, GPM-06" (P-335), which will be furnished by Buyer upon request. 6. WORKMANSHIP STANDARDS REQUIREMENT To review Buyer’s Workmanship Standards if the drawings, specifications, or part lists associated with this Order reference or require the use of Communication Systems-West's workmanship standards, please refer to the website http://www2.L-3com.com/csw/docs/wsm. If you cannot access the URL, call 801-594-2727 between the hours of 7am and 4pm mountain time. SLC-9031 Rev 7, Dated: 19 March 2014 Page 1 of 14 7. SUPPLIER QUALITY, FIRST ARTICLE INSPECTION, AND QUALITY MANAGEMENT SYSTEMS To review Buyer’s Supplier Quality Requirements (SQR), please refer to website: http://www2.L-3com.com/csw/docs/wsm/ (i.e. first article inspection, special processes quality management systems, and other general and commodity specific requirements). (see section 3.1 of the SQR for first-article-inspection applicability). 8. NONCONFORMING AND SUSPECT MATERIAL In the event nonconforming material is received by Buyer, a Supplier Corrective Action Report (SCAR) may be issued in conjunction with any nonconforming goods. Such SCAR must be returned to the requestor within 30 days of issue, or Buyer may withhold payments for the associated Purchase Order until such SCAR is received. If, anytime during the performance of, or after shipment(s) made against this Purchase Order, Seller becomes aware of or reasonably suspects that a product contains a component subject to a recall notice, warning alert, GIDEP alert, or any other type of concern regarding the authenticity, quality, safety, process integrity, specification compliance, or other type of nonconformance, Seller shall immediately notify Buyer of such problem or nonconforming goods shipment(s). Seller shall provide the following information as part of the notification: Buyer Purchase Order number; Buyer part number; Seller part number; quantity shipped, date(s) of shipment; serial number(s), if available; the identified nonconformance and the SCAR that will correct the nonconformance and prevent future shipments of nonconforming goods. After submittal of the above required information, Seller may apply for a specific waiver from L-3 Communications (FORM SLC3892) requesting L-3 Communications to accept the nonconforming goods. 9. PACKAGING REQUIREMENT Seller shall prepare and package the goods to prevent damage or deterioration and shall use best commercial practice for packing and packaging items to be delivered under this contract, unless otherwise specified in the Purchase Order. 10. EMPLOYMENT VERIFICATION REQUIREMENTS USING E-VERIFY In accordance with Executive Order 12989, all supplier personnel performing work at any L-3 site shall provide a certification of employment eligibility prior to the performance of any work. The U.S. Department of Homeland Security has designated E-Verify as the eligibility verification system that must be used. Prior to performance of any on-site work, the Supplier shall provide a certification letter listing the name and E-Verify case verification number of each employee assigned to work at L-3. For employees hired prior to June 9, 2008, it is acceptable for the Supplier to list the employee name and hire date in place of an E-Verify case number. In addition to the names and case numbers, the certification letter shall include the following statement: "(Company Name) has verified U.S. citizenship or permanent resident status for the listed employees and certifies that they are U.S. citizens or permanent residents legally qualified to work in the United States." E-Verify may be accessed at www.uscis.gov/e-verify. 11. SPECIALTY METALS Seller, by acceptance of this Purchase Order, certifies that any goods herein that are required to comply with the "Specialty Metals" requirements in 10 USC 2533B and DFARS 252.225-7009, Restriction on Acquisition of Certain Articles Containing Specialty Metals, are compliant and that the seller shall maintain the required manufacturer’s certifications and shall make them available to Buyer upon request. Such certifications shall be retained at Seller’s facility per the record retention requirements of FAR Subpart 4.7. SLC-9031 Rev 7, Dated: 19 March 2014 Page 2 of 14 12. STANDARD OFFSET PROVISION To the exclusion of all others, Buyer or its assignees shall be entitled to all industrial benefits or offset credits that may result from the issuance of this Purchase Order / Subcontract. It is Buyer’s intent to utilize any industrial benefits/offset credits in support of Buyer’s offset obligations and those of its Corporate Affiliates, Prime Contractors, or other business partners. Seller agrees to use reasonable efforts to identify the foreign content of any goods or services that Seller either produces itself or procures from its Suppliers/Subcontractors for work directly related to this Purchase Order/Subcontract. Seller shall provide buyer a written notice every six (6) months documenting whether or not there has been any foreign content related to this Purchase Order/Subcontract. Seller shall provide documentation or information that Buyer or its assignees may reasonably request to substantiate claims for industrial benefits or offset credits. 13. FEE REDUCTION a. Where submission of cost or pricing data is required or requested at any time prior to or during performance of this subcontract, if Seller or its lower tier subcontractors: (i) submit and/or certify cost or pricing data that are defective; (ii) with notice of applicable cutoff dates and upon Buyer’s request to provide cost or pricing data, submit cost or pricing data, whether certified or not certified at the time of submission, as a prospective subcontractor, and any such data are defective as of the applicable cutoff date on Buyer’s Certificate of Current Cost or Pricing Data, (iii) claim an exemption to a requirement to submit such cost or pricing data and such exemption is invalid, (iv) furnish data of any description that is inaccurate; or if (v) the US Government alleges any of the foregoing; and, as a result, (A) Buyer’s contract price or fee is reduced; (B) Buyer’s costs are determined to be unallowable; (C) any fines, penalties, withholdings, or interest are assessed on Buyer; or (D) Buyer incurs any other costs or damages; Buyer may proceed as provided for in 1c. below. b. Upon occurrence of any of the circumstances, other than withholdings, identified in paragraph 13a. above, Buyer may make a reduction of corresponding amounts (in whole or in part) in the price of this contract or any other contract with the Seller, and/or may demand payment (in whole or in part) of the corresponding amounts. Seller shall promptly pay amounts so demanded. In the case of withholding(s), Buyer may withhold the same amount from Seller under this contract. c. Seller will not raise as defenses the matters listed in FAR 52.215-10(c)(1), or FAR 52.21511(d)(1). 14. INSURANCE REQUIREMENTS In addition to the provision stated in the L-3 Communications GENERAL TERMS AND CONDITIONS For Supply & Services Subcontracts, any work to be performed by Seller for Buyer is also extended to any site designated by Buyer. 15. HAZARDOUS MATERIALS (HAZMAT) Applies only when Seller’s employees are on Buyer’s premises: If a hazardous material is brought on Buyer’s premises or a site designated by Buyer and there is a possibility of employees being exposed to the hazardous material, Seller shall provide to Buyer a Material Safety Data Sheet (MSDS)/OSHA Form 20 in advance of any work performed and provide sufficient leadtime so that the hazardous material can be evaluated and controls planned. Seller must remove all such hazardous materials and associated empty containers from Buyer’s premises or designated site after work is completed. SLC-9031 Rev 7, Dated: 19 March 2014 Page 3 of 14 16. AUTHORITY Only the Buyer Procurement Representative has authority on behalf of Buyer to make changes to this contract. All amendments must be identified as such in writing and executed by the parties. 17. EXCLUDED PARTIES Seller shall immediately notify the Buyer Procurement Representative if Seller is, or becomes, listed in any Denied Parties list or if Seller’s export privileges are otherwise denied, suspended or revoked in whole or in part by any U.S. Government entity or agency. 18. EXPORT COMPLIANCE Where Seller is a signatory under a Buyer export license or export agreement (e.g. TAA, MLA), Seller shall provide prompt notification to the Buyer Procurement Representative in the event of changed circumstances including, but not limited to, ineligibility, a violation or potential violation of the ITAR, and the initiation or existence of a U.S. Government investigation, that could affect the Seller’s performance under this contract. 19. PRIME CONTRACT AMENDMENTS Seller agrees that upon request of Buyer it will negotiate in good faith with Buyer relative to amendments to this Subcontract to incorporate additional provisions herein or to change provisions hereof, as Buyer may reasonably deem necessary in order to comply with the provisions of the applicable Prime Contract or with the provisions of amendments to such Prime Contract. If any such amendment to this Subcontract causes an increase or decrease in the cost of, or the time required for, performance of any part of the Work under this Subcontract, an equitable adjustment shall be made pursuant to the “Changes” clause of this Subcontract. 20. AUDIT RIGHTS For a period no less than three (3) years after final payment under each and every subcontract or Order, Seller shall maintain complete and accurate books, records, documents, and other evidence of the time worked, costs, expenses and allowances pertaining to this Subcontract to the extent and in such detail as will properly reflect all net costs (direct or indirect) of labor, materials, equipment, supplies and services and other costs and expenses of whatever nature. Buyer shall have the right to request a DCAA audit to examine, reproduce and audit any and all records. This clause is in addition to Paragraph 30 of L-3 Communications General Terms and Conditions (Corporate Form CC008). 21. SPECIFICATIONS All references in any Buyer document or Government specifications (excluding those incorporated in subcontractor’s model specifications) incorporated into this Subcontract by reference, shall be deemed to include any and all specifications superseding or supplementary to the specifications so referred to, to the extent that such superseding or supplementary specifications are in effect on the effective date of this subcontract or on the effective date of any incorporating change notice, if subcontractor was furnished or otherwise had been notified of the existence of such superseding or supplementary specifications by that effective date. 22. INDEMNIFICATION Seller shall indemnify and save harmless L-3 Communications from and against any and all damages, liabilities, penalties, fines, costs, and expenses, including attorneys’ fees, arising out of claims, suit, allegations or charges of Seller’s failure to comply with the provisions of Paragraph 12, of L-3 Communications General Terms and Conditions (Corporate Form CC008). Any failure of the Seller to comply with the requirements shall be a material breach of this Subcontract. SLC-9031 Rev 7, Dated: 19 March 2014 Page 4 of 14 23. DISCONTINUED PRODUCT The parties recognize that electronic component suppliers at times discontinue or reduce manufacture of MIL-Standard or MIL Specification parts. In the event a component is no longer stocked or manufactured as part of Seller’s regular product line, the Seller shall notify Buyer of any pending future action to discontinue purchased items through written notification to the cognizant procurement representative. 24. SUPPLIER PROCESS CHANGE CONTROL Some or all of the products acquired under this Agreement will be incorporated into higher level assemblies that may be subject to stringent “qualification testing” requirements for critical government applications; even minor changes to Seller’s products or processes may necessitate “requalification” or produce unacceptable results in higher level assemblies. Since the impact of any such product/process change can be most efficiently assessed prior to product integration into higher level assemblies and the potential cost of remediation/retrofit activities for end products deployed worldwide could be substantial, as a cardinal commitment under this contract, Seller expressly commits to: 1) maintain a robust sourcing/quality process for the products delivered hereunder; 2)rigorously comply with the notification requirements specified below; and 3) include provisions with its sub-tier suppliers that are adequate to implement the requirements of this provision. 25. PRIOR APPROVAL – FORM/FIT/FUNCTION ALTERATIONS Seller will not implement, or otherwise deliver to Buyer, products incorporating any alterations to product form, fit, or function without the express prior written approval of the Buyer. To obtain approval, Seller shall submit to Buyer the Change or Information Request Form (CIR) located at http://www.L-3com2.com/csw/docs/wsm, under the “Supplier Form” Tab (SLC-9012). Such approval shall not be unreasonably withheld but shall be dependent upon Seller’s thorough documentation of such proposed changes (including any analysis necessary to confirm continued suitability). Seller’s notification and Buyer’s limited approval of such form, fit or function alterations shall not be interpreted to waive any other contractual requirement(s) or to otherwise relieve Seller from delivering fully compliant products. 26. PRIOR NOTIFICATION Material Changes: Prior to delivering any products incorporating a “material change”, Seller shall provide advance notice to Buyer in sufficient time to reasonably evaluate the proposed change and, if necessary, to place an end-of-life order for the unchanged product, but in no event shall Seller’s notice be less than 30 calendar days. In providing notice, Seller shall submit to Buyer the Change or Information Request Form (CIR) located at http://www.L-3com2.com/csw/docs/wsm, under the “Supplier Form” Tab (SLC-9012). For purposes of this clause a “material change” is any alteration to the design, technical specifications, materials, component sourcing, or production process, facilities or location, whether instigated by Seller or its sub-tier suppliers. Risk Notification – Product Alerts Buyer shall be promptly notified whenever Seller becomes aware or reasonably suspects that any product delivered to Buyer is, or contains a component that is, subject to a recall notice, warning alert, GIDEP Alert, and/or any other type of notification or concern regarding product authenticity, quality, safety, process integrity, and/or specification compliance. SLC-9031 Rev 7, Dated: 19 March 2014 Page 5 of 14 FAR & DFARS: When the materials or products furnished are for use in connection with a U.S. Government contract or subcontract, in addition to the General Provisions, the following provisions shall apply, as required by the terms of the prime contract or by the operation of law or regulation. In the event of a conflict between these FAR and DFARS provisions and the General Provisions, the FAR and DFARS provisions shall control. The following clauses set forth in the FAR and DFARS in effect as of the date of the prime contract are incorporated herein by reference. In all clauses listed herein, the terms “Government”, “Contracting Officer” and “Contractor” shall be revised to suitably identify the contracting parties herein and effect the proper intent of the provision except where further clarified or modified below. “Subcontractor” however, shall mean “Seller’s Subcontractor” under this purchase order. 1. 52.227-3 2. 52.232-99 3. 4. 5. 6. 7. 8. 9. 52.232-11 52.233-1 52.237-3 52.242-1 52.243-7 52.246-1 52.246-17 10. 52.246-23 11. 52.246-24 12. 52.246-25 13. 252.204-7002 14. 252.204-7014 15. 252.204-7015 16. 252.219-7004 17. 252.225-7002 18. 252.227-7022 19. 252.227-7032 20. 252.232-7007 21. 252.239-7017 22. 252.246-7001 SLC-9031 Rev 7, Dated: 19 March 2014 Patent Indemnity (Commercial Items) Providing Accelerated Payment to Small Business Subcontractors Extras Disputes Continuity of Services Notice of Intent to Disallow Costs Notification of Changes (Over $1 Million) Contractor Inspection Requirement Warranty of Supplies of a Noncomplex Nature (at (b)(1) and (c)(1) insert words “one year after acceptance”) Limitation of Liability (Over SAP) Limitation of Liability – High Value Items (Over SAP) Limitation of Liability – Services (Over SAP) Payment for Subline Items Not Separately Priced Limitations on the Use or Disclosure of Information by Litigation Support Contractors Disclosure of Information to Litigation Support Contractors Small Business Subcontracting (Test Program) Qualifying Country Sources as Subcontractors Government Rights (Unlimited) Rights in Technical Data and Computer Software (Foreign) Limitation on Government’s Obligation (Over $100,000) Notice of Supply Chain Risk Warranty of Data Page 6 of 14 BASED upon two Interim Rule Changes, Requirements Relating to Supply Chain Risk (DFARS Case 2012-D050) and Safeguarding Unclassified Controlled Technical Information (DFARS Case 2011-D039), the following two provisions (in Full Text) shall apply: 252.204-7012 Safeguarding of Unclassified Controlled Technical Information. As prescribed in 204.7303, use the following clause: SAFEGUARDING OF UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION (NOV 2013) (a) Definitions. As used in this clause— “Adequate security” means protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of information. “Attribution information” means information that identifies the Contractor, whether directly or indirectly, by the grouping of information that can be traced back to the Contractor (e.g., program description or facility locations). “Compromise” means disclosure of information to unauthorized persons, or a violation of the security policy of a system, in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object, or the copying of information to unauthorized media may have occurred. “Contractor information system” means an information system belonging to, or operated by or for, the Contractor. “Controlled technical information” means technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information is to be marked with one of the distribution statements B-through-F, in accordance with DoD Instruction 5230.24, Distribution Statements on Technical Documents. The term does not include information that is lawfully publicly available without restrictions. “Cyber incident” means actions taken through the use of computer networks that result in an actual or potentially adverse effect on an information system and/or the information residing therein. “Exfiltration” means any unauthorized release of data from within an information system. This includes copying the data through covert network channels or the copying of data to unauthorized media. SLC-9031 Rev 7, Dated: 19 March 2014 Page 7 of 14 “Media” means physical devices or writing surfaces including, but is not limited to, magnetic tapes, optical disks, magnetic disks, large-scale integration memory chips, and printouts onto which information is recorded, stored, or printed within an information system. “Technical information” means technical data or computer software, as those terms are defined in the clause at DFARS 252.227-7013, Rights in Technical Data-Non Commercial Items, regardless of whether or not the clause is incorporated in this solicitation or contract. Examples of technical information include research and engineering data, engineering drawings, and associated lists, specifications, standards, process sheets, manuals, technical reports, technical orders, catalog-item identifications, data sets, studies and analyses and related information, and computer software executable code and source code. (b) Safeguarding requirements and procedures for unclassified controlled technical information. The Contractor shall provide adequate security to safeguard unclassified controlled technical information from compromise. To provide adequate security, the Contractor shall— (1) Implement information systems security in its project, enterprise, or company-wide unclassified information technology system(s) that may have unclassified controlled technical information resident on or transiting through them. The information systems security program shall implement, at a minimum— (i) The specified National Institute of Standards and Technology (NIST) Special Publication (SP) 80053 security controls identified in the following table; or (ii) If a NIST control is not implemented, the Contractor shall submit to the Contracting Officer a written explanation of how— (A) The required security control identified in the following table is not applicable; or (B) An alternative control or protective measure is used to achieve equivalent protection. (2) Apply other information systems security requirements when the Contractor reasonably determines that information systems security measures, in addition to those identified in paragraph (b)(1) of this clause, may be required to provide adequate security SLC-9031 Rev 7, Dated: 19 March 2014 Page 8 of 14 in a dynamic environment based on an assessed risk or vulnerability. Table 1 -- Minimum Security Controls for Safeguarding Minimum required security controls for unclassified controlled technical information requiring safeguarding in accordance with paragraph (d) of this clause. (A description of the security controls is in the NIST SP 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations” (http://csrc.nist.gov/publications/PubsSPs.html).) Access Control Audit & Accountability Identification and Authentication Media Protection System & Comm Protection AC-2 AU-2 IA-2 MP-4 SC-2 AC-3(4) AU-3 IA-4 MP-6 SC-4 AC-4 AU-6(1) IA-5(1) SC-7 Physical and Environmental Protection SC-8(1) SC-13 AC-6 AU-7 AC-7 AU-8 Incident Response PE-2 AC-11(1) AU-9 IR-2 PE-3 IR-4 PE-5 AC-17(2) AC-18(1) AC-19 Configuration Management CM-2 IR-5 IR-6 SC-15 SC-28 Program Management AC-20(1) CM-6 AC-20(2) CM-7 Maintenance AC-22 CM-8 MA-4(6) Risk Assessment SI-3 MA-5 RA-5 SI-4 Awareness & Training Contingency Planning AT-2 CP-9 PM-10 System & Information Integrity SI-2 MA-6 Legend: AC: Access Control MA: Maintenance AT: Awareness and Training MP: Media Protection SLC-9031 Rev 7, Dated: 19 March 2014 Page 9 of 14 AU: Auditing and Accountability PE: Physical & Environmental Protection CM: Configuration Management PM: Program Management CP: Contingency Planning RA: Risk Assessment IA: Identification and Authentication SC: System & Communications Protection IR: Incident Response SI: System & Information Integrity (c) Other requirements. This clause does not relieve the Contractor of the requirements specified by applicable statutes or other Federal and DoD safeguarding requirements for Controlled Unclassified Information (CUI) as established by Executive Order 13556, as well as regulations and guidance established pursuant thereto. (d) Cyber incident and compromise reporting. (1) Reporting requirement. The Contractor shall report as much of the following information as can be obtained to the Department of Defense via (http://dibnet.dod.mil/) within 72 hours of discovery of any cyber incident, as described in paragraph (d)(2) of this clause, that affects unclassified controlled technical information resident on or transiting through the Contractor’s unclassified information systems: (i) Data Universal Numbering System (DUNS). (ii) Contract numbers affected unless all contracts by the company are affected. (iii) Facility CAGE code if the location of the event is different than the prime Contractor location. (iv) Point of contact if different than the POC recorded in the System for Award Management (address, position, telephone, email). (v) Contracting Officer point of contact (address, position, telephone, email). (vi) Contract clearance level. (vii) Name of subcontractor and CAGE code if this was an incident on a Sub-contractor network. SLC-9031 Rev 7, Dated: 19 March 2014 Page 10 of 14 (viii) DoD programs, platforms or systems involved. (ix) Location(s) of compromise. (x) Date incident discovered. (xi) Type of compromise (e.g., unauthorized access, inadvertent release, other). (xii) Description of technical information compromised. (xiii) Any additional information relevant to the information compromise. (2) Reportable cyber incidents. Reportable cyber incidents include the following: (i) A cyber incident involving possible exfiltration, manipulation, or other loss or compromise of any unclassified controlled technical information resident on or transiting through Contractor’s, or its subcontractors’, unclassified information systems. (ii) Any other activities not included in paragraph (d)(2)(i) of this clause that allow unauthorized access to the Contractor’s unclassified information system on which unclassified controlled technical information is resident on or transiting. (3) Other reporting requirements. This reporting in no way abrogates the Contractor’s responsibility for additional safeguarding and cyber incident reporting requirements pertaining to its unclassified information systems under other clauses that may apply to its contract, or as a result of other U.S. Government legislative and regulatory requirements that may apply (e.g., as cited in paragraph (c) of this clause). (4) Contractor actions to support DoD damage assessment. In response to the reported cyber incident, the Contractor shall— (i) Conduct further review of its unclassified network for evidence of compromise resulting from a cyber incident to include, but is not limited to, identifying compromised computers, servers, specific data and users accounts. This includes SLC-9031 Rev 7, Dated: 19 March 2014 Page 11 of 14 analyzing information systems that were part of the compromise, as well as other information systems on the network that were accessed as a result of the compromise; (ii) Review the data accessed during the cyber incident to identify specific unclassified controlled technical information associated with DoD programs, systems or contracts, including military programs, systems and technology; and (iii) Preserve and protect images of known affected information systems and all relevant monitoring/packet capture data for at least 90 days from the cyber incident to allow DoD to request information or decline interest. (5) DoD damage assessment activities. If DoD elects to conduct a damage assessment, the Contracting Officer will request that the Contractor point of contact identified in the incident report at (d)(1) of this clause provide all of the damage assessment information gathered in accordance with paragraph (d)(4) of this clause. The Contractor shall comply with damage assessment information requests. The requirement to share files and images exists unless there are legal restrictions that limit a company's ability to share digital media. The Contractor shall inform the Contracting Officer of the source, nature, and prescription of such limitations and the authority responsible. (e) Protection of reported information. Except to the extent that such information is lawfully publicly available without restrictions, the Government will protect information reported or otherwise provided to DoD under this clause in accordance with applicable statutes, regulations, and policies. The Contractor shall identify and mark attribution information reported or otherwise provided to the DoD. The Government may use information, including attribution information and disclose it only to authorized persons for purposes and activities consistent with this clause. (f) Nothing in this clause limits the Government’s ability to conduct law enforcement or counterintelligence activities, or other lawful activities in the interest of homeland security and national security. The results of the activities described in this clause may be used to support an investigation and prosecution of any person or entity, including those attempting to infiltrate or compromise information on a contractor information system in violation of any statute. SLC-9031 Rev 7, Dated: 19 March 2014 Page 12 of 14 (g) Subcontracts. The Contractor shall include the substance of this clause, including this paragraph (g), in all subcontracts, including subcontracts for commercial items. 252.239-7018 Supply Chain Risk. As prescribed in 239.7306(b), use the following clause: SUPPLY CHAIN RISK (NOV 2013) (a) Definitions. As used in this clause– “Information technology” (see 40 U.S.C 11101(6)) means, in lieu of the definition at FAR 2.1, any equipment, or interconnected system(s) or subsystem(s) of equipment, that is used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the agency. (1) For purposes of this definition, equipment is used by an agency if the equipment is used by the agency directly or is used by a contractor under a contract with the agency that requires— (i) Its use; or (ii) To a significant extent, its use in the performance of a service or the furnishing of a product. (2) The term “information technology” includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources. (3) The term “information technology” does not include any equipment acquired by a contractor incidental to a contract. “Supply chain risk,” means the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a national security system (as that term is defined at 44 U.S.C. 3542(b)) so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system. (b) The Contractor shall maintain controls in the provision of supplies and services to the Government to minimize supply chain risk. SLC-9031 Rev 7, Dated: 19 March 2014 Page 13 of 14 (c) In order to manage supply chain risk, the Government may use the authorities provided by section 806 of Pub. L. 111-383. In exercising these authorities, the Government may consider information, public and non-public, including allsource intelligence, relating to a Contractor’s supply chain. (d) If the Government exercises the authority provided in section 806 of Pub. L. 111-383 to limit disclosure of information, no action undertaken by the Government under such authority shall be subject to review in a bid protest before the Government Accountability Office or in any Federal court. (e) The Contractor shall include the substance of this clause, including this paragraph (e), in all subcontracts involving the development or delivery of any information technology, whether acquired as a service or as a supply. SLC-9031 Rev 7, Dated: 19 March 2014 Page 14 of 14
