Government contractors selling to the US Department of Defense (DoD) must utilize “trusted suppliers” to obtain and use electronic parts or items that contain electronic parts, according to a rule proposed by DoD September 21. In addition, contractors must maintain “traceability” of any electronic parts from the original manufacturer to the point where the government accepts delivery.

Overview of Proposed Rule

DoD’s proposed rule relates to “supply chain risk,” and would mandate requirements for secure sources of electronics parts for defense contractors and subcontractors at all tiers. The proposed rule would have a number of ramifications for contractors providing:

  • electronic parts
  • end items, components, parts, or assemblies containing electronic parts
  • services, if the contractor will supply electronic parts or components, parts, or assemblies containing electronic parts as part of the service

The objective of this rule is to protect DoD against risks arising out of the supply chain. The rule represents a supplement to the final Defense Acquisition Regulations System (DFARS) rule on “detection and avoidance of counterfeit electronic parts,” which was issued on May 6, 2014.

Key provisions and changes in the proposed rule are:

  • Removal of embedded software or firmware from the definition of “electronic part.” However, commentary accompanying the proposed rule indicates that DoD expects to address this issue via a subsequent rule.
  • Clarification of traceability expectations. The rule proposes definitions of “trusted supplier,” “original manufacturer,” and “authorized dealer.” Contractors and subcontractors that are not  the “original manufacturer” would be required to have a risk-based system to trace electronic parts from the original manufacturer to product acceptance by the government, or, if such traceability is not feasible for a particular part, the contractor’s system must provide for the consideration of an alternative part or the utilization of tests and inspections in order to avoid counterfeit electronic parts.
  • If it is not possible to obtain an electronic part from a trusted supplier, contractors would be required to notify the contracting officer who would then become responsible for inspection, testing, and authentication, in accordance with existing applicable industry standards, of electronic parts obtained from sources other than a trusted supplier.
  • The proposed rule would apply to contracts for the acquisition of commercial items, including commercial off the shelf goods, as defined at FAR 2.101.
  • Application of the proposed rule would not be limited to  contractors subject to cost accounting standards, but would also apply to small business set-asides and would incorporate flow- down to subcontracts, including subcontracts for commercial items, thus applying to all DoD contractors and subcontractors at all tiers that are providing electronic parts or assemblies containing electronic parts.

Details of the Proposed Rule

For purposes of this proposed rule, the following new or amended definitions would be added to the DFARS:

  • Authorized dealer: a supplier which has a contractual arrangement with the original manufacturer or current design activity, including an authorized aftermarket manufacturer, to buy, stock, repackage, sell, and distribute its product lines. The commentary to the proposed regulation makes express note that “authorized dealer” does not equate to “authorized reseller” since an authorized reseller is not bound to obtain parts from the original manufacturer, but could instead source parts from an authorized dealer, an aftermarket manufacturer, or an independent distributor.
  • Original manufacturer: includes the “original equipment manufacturer,” a “contract electronics manufacturer,” and the “original component manufacturer.”
  • Original equipment manufacturer: an organization that manufactures products that it has designed from purchased components and sells those products under the company’s brand name.
  • Original component manufacturer: an organization that designs and/or engineers a part and is pursuing, or has obtained, the intellectual property rights to that part.
  • Contract electronics manufacturer: a manufacturer that produces goods, using electronic parts, for other companies on a contract basis under the label or brand of the other organizations, or fabricates an electronic part under a contract with, or with the express written authority of, the original component manufacturer, based on the original component manufacturer’s designs.
  • Trusted supplier: includes (i) the original manufacturer, (ii) an authorized dealer for the part, (iii) a supplier that obtains the part exclusively from the original component manufacturer of the part or an authorized dealer, and (iv) a supplier that a contractor or subcontractor has identified as a trustworthy supplier, using DoD- adopted counterfeit prevention industry standards and processes, including testing.

Substantive Requirements of the Proposed Rule

Simply stated, the main substantive requirement under the proposed rule is that contractors must only obtain and use electronic parts,  end items, components, parts, or assemblies containing electronic parts that are supplied by “trusted suppliers.” This proposed rule will apply both when the contract is one solely for the provision of goods, and when the contract is for services if the contractor will supply electronic parts or components, parts, or assemblies containing electronic parts as part of the service.

A secondary substantive requirement under the Proposed Rule is an obligation to maintain “traceability”– if the contractor is not  the original manufacturer of, or authorized dealer for, an electronic part, then the contractor will be required to establish and maintain risk-based processes (taking into consideration the consequences of failure of an electronic part) that enable tracking of electronic parts from the original manufacturer to product acceptance by the government. This rule applies whether the electronic part is supplied as a discrete electronic part or is contained in an assembly. If the contractor cannot establish traceability from the original manufacturer for a specific part, it must complete an evaluation that includes consideration of alternative parts or utilization of tests and inspections commensurate with the risk

The third and final proposed requirement is that the rule will apply  to both prime contractors and to subcontractors at all tiers for all DoD procurements. The rule mandates the flow-down of the rule and the required contract clause to all subcontracts (and thus also sub- subcontractors and suppliers).

Actions Government Contractors Must Undertake in Order to Comply

  • Identify and inventory all government contracts that involve the provision of covered electronic parts or components, including service contracts that may be subject to the rule.
  • Include the mandated contract clause in all future contracts.
  • Implement a reasoned process to establish and verify suppliers under covered contracts as “trusted suppliers” – and take steps to replace those that are unable to qualify.
  • Establish appropriate verification by subcontractors that they have undertaken similar actions.
  • Establish systems and processes to ensure that the “traceability” requirement is maintained.