|
@@ -1,34 +1,54 @@
|
|
|
1
1
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
-
<!DOCTYPE dita
|
|
3
|
-
|
|
4
|
-
<
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
class="- topic/topic concept/concept ">
|
|
10
|
-
<title class="- topic/title ">
|
|
11
|
-
<ph props="autonumber" class="- topic/ph ">252.239-7018</ph> Supply Chain Risk.</title>
|
|
12
|
-
<conbody outputclass="clause" class="- topic/body concept/conbody ">
|
|
13
|
-
<p class="- topic/p ">As prescribed in
|
|
14
|
-
<xref outputclass="fm:ParaNumOnly"
|
|
15
|
-
class="- topic/xref "
|
|
16
|
-
base="DFARS-239.7306"
|
|
17
|
-
href="239.7306.dita#DFARS_239.7306">239.7306</xref>
|
|
2
|
+
<!DOCTYPE dita PUBLIC "-//OASIS//DTD DITA Composite//EN" "ditabase.dtd">
|
|
3
|
+
<dita xmlns:ditaarch="http://dita.oasis-open.org/architecture/2005/" domains="(topic task) (topic concept) (topic concept glossentry) (topic concept glossgroup) (topic reference) (topic troubleshooting++task) (topic task) (topic abbrev-d) a(props deliveryTarget) (topic equation-d) (topic hazard-d) (topic hi-d) (topic indexing-d) (topic markup-d) (topic mathml-d) (topic pr-d) (topic relmgmt-d) (topic sw-d) (topic svg-d) (topic ui-d) (topic ut-d) (topic markup-d xml-d) (topic task strictTaskbody-c) " ditaarch:DITAArchVersion="1.3">
|
|
4
|
+
<concept id="DFARS_252.239-7018" ditaarch:DITAArchVersion="1.3" class="- topic/topic concept/concept ">
|
|
5
|
+
<title class="- topic/title "><ph props="autonumber" class="- topic/ph ">252.239-7018</ph> Supply Chain Risk.</title>
|
|
6
|
+
<conbody outputclass="clause" class="- topic/body concept/conbody ">
|
|
7
|
+
<p class="- topic/p ">As prescribed in
|
|
8
|
+
<xref outputclass="fm:ParaNumOnly" class="- topic/xref " base="DFARS-239.7306" href="239.7306.dita#DFARS_239.7306">239.7306</xref>
|
|
18
9
|
(b), use the following clause:</p>
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
10
|
+
<p class="- topic/p " outputclass="Ctr_SmCaps">SUPPLY CHAIN RISK (DEC 2022)</p>
|
|
11
|
+
<info li_elems="0"/>
|
|
12
|
+
<ol>
|
|
13
|
+
<li>
|
|
14
|
+
<p outputclass="List1" class="- topic/p "><ph props="autonumber" class="-topic/ph">(a)</ph><i class="+ topic/ph hi-d/i ">Definitions.</i> As used in this clause–</p>
|
|
15
|
+
<p class="- topic/p ">“Information technology” (see 40 U.S.C 11101(6)) means, in lieu of the definition at FAR 2.1, any equipment, or interconnected system(s) or subsystem(s) of equipment, that is used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the agency.</p>
|
|
16
|
+
<info li_elems="0"/>
|
|
17
|
+
<ol>
|
|
18
|
+
<li>
|
|
19
|
+
<p outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(1)</ph> For purposes of this definition, equipment is used by an agency if the equipment is used by the agency directly or is used by a contractor under a contract with the agency that requires—</p>
|
|
20
|
+
<info li_elems="0"/>
|
|
21
|
+
<ol>
|
|
22
|
+
<li>
|
|
23
|
+
<p outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(i)</ph> Its use; or</p>
|
|
24
|
+
</li>
|
|
25
|
+
<li>
|
|
26
|
+
<p outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(ii)</ph> To a significant extent, its use in the performance of a service or the furnishing of a product.</p>
|
|
27
|
+
<info li_elems="2"/>
|
|
28
|
+
</li>
|
|
29
|
+
</ol>
|
|
30
|
+
</li>
|
|
31
|
+
<li>
|
|
32
|
+
<p outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(2)</ph> The term “information technology” includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources.</p>
|
|
33
|
+
</li>
|
|
34
|
+
<li>
|
|
35
|
+
<p outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(3)</ph> The term “information technology” does not include any equipment acquired by a contractor incidental to a contract.</p>
|
|
36
|
+
<p class="- topic/p ">“Supply chain risk,” means the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system (see 10 U.S.C. 3252).</p>
|
|
37
|
+
<info li_elems="2"/>
|
|
38
|
+
</li>
|
|
39
|
+
</ol>
|
|
40
|
+
</li>
|
|
41
|
+
<li>
|
|
42
|
+
<p outputclass="List1" class="- topic/p "><ph props="autonumber" class="-topic/ph">(b)</ph> The Contractor shall mitigate supply chain risk in the provision of supplies and services to the Government.</p>
|
|
43
|
+
</li>
|
|
44
|
+
<li>
|
|
45
|
+
<p outputclass="List1" class="- topic/p "><ph props="autonumber" class="-topic/ph">(c)</ph> In order to manage supply chain risk, the Government may use the authorities provided by 10 U.S.C. 3252. In exercising these authorities, the Government may consider information, public and non-public, including all-source intelligence, relating to a Contractor's supply chain.</p>
|
|
46
|
+
</li>
|
|
47
|
+
<li>
|
|
48
|
+
<p outputclass="List1" class="- topic/p "><ph props="autonumber" class="-topic/ph">(d)</ph> If the Government exercises the authority provided in 10 U.S.C. 3252 to limit disclosure of information, no action undertaken by the Government under such authority shall be subject to review in a bid protest before the Government Accountability Office or in any Federal court.</p>
|
|
49
|
+
</li>
|
|
50
|
+
</ol>
|
|
51
|
+
<p outputclass="Endofclause" class="- topic/p ">(End of clause)</p>
|
|
52
|
+
</conbody>
|
|
53
|
+
</concept>
|
|
34
54
|
</dita>
|