On September 17, 2015, Covington hosted a Symposium in the firm’s Washington office focusing on key trends and emerging issues for government contractors. Both Senator John McCain and former Attorney General Eric Holder addressed the procurement and enforcement challenges faced by the government and contractors, and several panels of leading experts discussed a wide variety of topics ranging from cybersecurity developments to contractor responsibility. The full-day program also offered a series of break-out sessions focused on operational business considerations, including the increasing importance of contractor supply chain management.  That topic now appears to have been particularly timely in light of DoD’s September 21, 2015 announcement of a new proposed rule addressing counterfeit electronic parts in contractor supply chains.

The new proposed rule is further implementation of section 818 of the 2012 National Defense Authorization Act (“NDAA”), which required the Secretary of Defense to assess DoD’s “acquisition policies and systems for the detection and avoidance of counterfeit electronic parts.” As discussed below, because the proposed rule would impose new substantive sourcing requirements and apply far more broadly than existing regulations, it would, if adopted, further increase the overall compliance burden on the defense contracting community.

Existing Counterfeit Electronic Parts Rule

On May 6, 2014, the Department of Defense issued a final rule, codified in at DFARS 252.246-7007, that required covered DoD contractors to establish a risk-based counterfeit electronic part detection and avoidance system. As we have previously outlined, the rule requires these detection and avoidance systems to address twelve enumerated areas, each of which supports the overarching goal of keeping counterfeit electronic parts out of the supply chains of DoD contractors. The existing rule does not provide detailed guidance for how a contractor should implement each of these twelve areas. In response to comments from contractors that additional guidance would be helpful, DoD stated that the responsibility for implementation falls on the contractor who must “establish[] a risk-based counterfeit detection and avoidance system” that reflects its unique circumstances. If a covered contractor fails to meet these minimum system criteria, its purchasing system may be disapproved and/or payments may be withheld for an inadequate business system.

The inclusion of DFARS 252.246-7007 is mandatory for all DoD contracts for the procurement of electronic parts (or end items and components containing electronic parts) and related services, but the rule’s requirements are operable only where the prime contractor is subject to full or modified coverage under the Cost Accounting Standards (“CAS”).[1]  Notably, the existing rule expressly does not apply to contracts that are set aside for small business concerns.

Substance of Proposed Rule

The new proposed rule, if adopted, would have a significant impact on the DoD contracting community because it adds substantive sourcing restrictions to the existing requirement to develop a detection and avoidance system for counterfeit electronic parts. At the heart of these restrictions is the requirement that DoD contractors obtain electronic parts only from “trusted suppliers.” The trusted supplier concept would be new to the DFARS, and the proposed rule defines it to mean any of the following four categories of suppliers:

  1. The part’s original manufacturer;
  2. The part’s “authorized dealer” (also a new concept, defined to mean “a supplier with . . . a contractual arrangement with the original manufacturer . . . to buy, stock, re-package, sell, and distribute its product lines”);
  3. Any supplier that obtains the part exclusively from the part’s original component manufacturer or an authorized dealer; and
  4. Any “supplier that a contractor or subcontractor has identified as a trustworthy supplier, using DoD-adopted counterfeit prevention industry standards and processes.”

The only exception to the “trusted supplier” requirement would arise where it is “not possible” to obtain electronic parts from a trusted supplier. In that event, the proposed rule requires a contractor to notify the cognizant Contracting Officer and then assume responsibility for the “inspection, testing, and authentication, in accordance with existing applicable industry standards,” of any electronic parts obtained from sources other than a trusted supplier.  The proposed rule also contemplates further rulemaking to establish qualification requirements pursuant to which DoD may identify trusted suppliers, and a second DFARS case, “DoD Use of Trusted Suppliers for Electronic Parts,” has been opened for this purpose.

Aside from the “trusted supplier” sourcing requirement, the proposed rule also offers additional clarification on the traceability expectations for DoD contractors. Existing regulations provide that covered DoD contractors must be able to trace their supply chain of electronic parts back to the original manufacturer, but DoD intentionally did not mandate specific traceability processes or standards when promulgating those regulations. Consistent with the approach taken by the existing rule, the proposed rule would clarify that the processes used by DoD contractors to establish traceability must be “risk based,” taking into consideration the probability of receiving a counterfeit electronic part, the probability that inspection or testing will detect a counterfeit electronic part, and the potential negative consequences of a counterfeit part being installed. The proposed rule further provides that if a Contractor cannot establish traceability from the original manufacturer for a specific part, it must “complete an evaluation that includes consideration of alternative parts or utilization of test and inspections commensurate with the risk.” The proposed rule does not provide specific guidance on what must be considered in these evaluations.

Applicability and Scope of Proposed Rule

Although the proposed rule’s substance can be summed up by the “trusted supplier” and traceability concepts, its applicability and scope may well generate more discussion—and consternation—among those in the defense contracting community. The existing counterfeit electronic parts regulations apply only to CAS-covered contractors and their subs and were expressly not applicable to small business set-aside acquisitions. In contrast, the proposed rule would apply to all contracts and subcontracts for electronic parts, of any size and at any tier, regardless of the applicability of CAS. There is no carve-out for small business set-asides, and the announcement accompanying the proposed rule explicitly states that it applies even to contracts below the simplified acquisition threshold and for commercial or COTS items. The inevitable consequence is that the obligation to avoid counterfeit electronic parts into the supply chain is now the responsibility of all contractors, from the largest of the major primes to the tiniest of lower-tier subs supplying components for commercial items.

But the news for DoD contractors is not all bad. Although the proposed rule would significantly expand the applicability of counterfeit electronic parts regulations, it also would narrow the scope of the obligations imposed on contractors in one important respect. One of the more troublesome aspects of the existing regulations is that the term “electronic part” is defined to include “embedded software or firmware,” a definitional quirk that industry representatives have consistently assailed as overly broad and unworkable. The proposed rule, however, would remove this clause from the definition of electronic part—both for the existing regulations and the proposed rule—in recognition of the fact that “[f]urther industry standards are still under development to address testing of embedded software or firmware in electronic parts.” This change, which DoD acknowledges was prompted by “robust discussion” at a 2014 public meeting, underscores the value and potential impact of industry engagement in the rulemaking process.

 Next Steps

The proposed rule is certain to be the subject of interest and debate in the coming months, and DoD is accepting comments on the rule until November 20, 2015. Moreover, there is little doubt that further action in this area is coming. As noted above, a second DFARS case has been opened to establish qualification requirements for trusted suppliers, and a status report on that effort is due October 21, 2015. Members of the defense contracting community would be well advised to continue to closely monitor developments and to assess the need to calibrate their operations and compliance programs accordingly.

[1] But note that if the prime contractor is CAS covered, every lower-tier contractor is also bound by the rule, regardless of the lower-tier contractors’ CAS status.

Tags: Counterfeit Parts, DFARS Proposed Rule, Supply Chain Management
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Susan B. Cassidy Susan B. Cassidy

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors…

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors on compliance with FAR and DFARS requirements, with a special expertise in supply chain, cybersecurity and FedRAMP requirements. She has an active investigations practice and advises contractors when faced with cyber incidents involving government information, as well as representing contractors facing allegations of cyber fraud under the False Claims Act. Susan relies on her expertise and experience with the Defense Department and the Intelligence Community to help her clients navigate the complex regulatory intersection of cybersecurity, national security, and government contracts. She is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. In 2023, Chambers USA quoted sources stating that “Susan’s in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Her clients range from new entrants into the federal procurement market to well established defense contractors and she provides compliance advices across a broad spectrum of procurement issues. Susan consistently remains at the forefront of legislative and regulatory changes in the procurement area, and in 2018, the National Law Review selected her as a “Go-to Thought Leader” on the topic of Cybersecurity for Government Contractors.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 7012, and NIST SP 800-171 requirements,
Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 and limitations on sourcing from China
Federal Acquisition Security Council (FASC) regulations and product exclusions,
Controlled unclassified information (CUI) obligations, and
M&A government cybersecurity due diligence.

Susan has an active internal investigations practice that assists clients when allegations of non-compliance arise with procurement requirements, such as in the following areas:

Procurement fraud and FAR mandatory disclosure requirements,
Cyber incidents and data spills involving sensitive government information,
Allegations of violations of national security requirements, and
Compliance with MIL-SPEC requirements, the Qualified Products List, and other sourcing obligations.

In addition to her counseling and investigatory practice, Susan has considerable litigation experience and has represented clients in bid protests, prime-subcontractor disputes, Administrative Procedure Act cases, and product liability litigation before federal courts, state courts, and administrative agencies.

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Prior to joining Covington, Susan served as in-house senior counsel at Northrop Grumman Corporation and Motorola Incorporated.

Read more about Susan B. CassidyEmail
Show more Show less
Photo of Michael Wagner Michael Wagner

Mike Wagner represents companies and individuals in complex compliance and enforcement matters arising in the public procurement context. Combining deep regulatory expertise and extensive investigations experience, Mike helps government contractors navigate detailed procurement rules and achieve the efficient resolution of government investigations and…

Mike Wagner represents companies and individuals in complex compliance and enforcement matters arising in the public procurement context. Combining deep regulatory expertise and extensive investigations experience, Mike helps government contractors navigate detailed procurement rules and achieve the efficient resolution of government investigations and enforcement actions.

Mike regularly represents contractors in federal and state compliance and enforcement matters relating to a range of procurement laws and regulations. He has particular experience handling investigations and litigation brought under the civil False Claims Act, and he routinely counsels government contractors on mandatory and voluntary disclosure considerations under the FAR, DFARS, and related regulatory regimes. He also represents contractors in high-stakes suspension and debarment matters at the federal and state levels, and he has served as Co-Chair of the ABA Suspension & Debarment Committee and is principal editor of the American Bar Association’s Practitioner’s Guide to Suspension & Debarment (4th ed.) (2018).

Mike also has extensive experience representing companies pursuing and negotiating grants, cooperative agreements, and Other Transaction Authority agreements (OTAs). In this regard, he has particular familiarity with the semiconductor and clean energy industries, and he has devoted substantial time in recent years to advising clients on strategic considerations for pursuing opportunities under the CHIPS Act, Inflation Reduction Act, and Bipartisan Infrastructure Law.

In his counseling practice, Mike regularly advises government contractors and suppliers on best practices for managing the rapidly-evolving array of cybersecurity and supply chain security rules and requirements. In particular, he helps companies assess and navigate domestic preference and country-of-origin requirements under the Buy American Act (BAA), Trade Agreements Act (TAA), Berry Amendment, and DOD Specialty Metals regulation. He also assists clients in managing product and information security considerations related to overseas manufacture and development of Information and Communication Technologies & Services (ICTS).

Mike serves on Covington’s Hiring Committee and is Co-Chair of the firm’s Summer Associate Program. He is a frequent writer and speaker on issues relating to procurement fraud and contractor responsibility, and he has served as an adjunct professor at the George Washington University Law School.

Read more about Michael WagnerEmail
Show more Show less