The Defense Department is seeking public comment on extending reporting requirements for contractors under acquisition rules related to the purchasing of information technology services and products, including measures to protect against counterfeit components that could pose cybersecurity risks.
"Administrative contracting officers use this information in making decisions to approve or disapprove a contractor's purchase system," DOD says in a Federal Register notice issued today. "The disapproval of a contractor's purchasing system would necessitate Government consent to individual subcontracts and possibly prompt a financial withhold or other Government rights and remedies."
Comments are due within 60 days. The reporting requirement is being extended for three years, according to the notice.
The "information collection requirement" implements DOD Federal Acquisition Rule Part 244 which governs subcontracting policies and procedures, including purchases of IT products and managing supply-chain risks.
The rule requires contracting officers to "review the adequacy of the contractor's counterfeit electronic part detection and avoidance system" and "consider the need for a consent to subcontract requirement regarding supply chain risk," according to DFARS Part 244 Sections 303(b) and 201(a)(S-70), respectively.
The White House Office of Management and Budget "has approved this information collection requirement for use through May 31, 2020. DOD proposes that OMB extend its approval for an additional three years," according to the Federal Register notice.