Previous PageTable Of ContentsDFARS Home PageNext Page

DFARS 239



Part 239—Acquisition of Information Technology

TABLE OF CONTENTS

(Revised November 18, 2013)

SUBPART 239.1--GENERAL

239.101 Policy.

SUBPART 239.70--EXCHANGE OR SALE OF INFORMATION TECHNOLOGY

239.7001 Policy.

SUBPART 239.71--SECURITY AND PRIVACY FOR COMPUTER SYSTEMS

239.7100 Scope of subpart.

239.7101 Definition.

239.7102 Policy and responsibilities.

239.7102-1 General.

239.7102-2 Compromising emanations—TEMPEST or other standard.

239.7102-3 Information assurance contractor training and certification.

239.7103 Contract clauses.

SUBPART 239.72--STANDARDS

239.7201 Solicitation requirements.

SUBPART 239.73— REQUIREMENTS FOR INFORMATION RELATING TO SUPPLY CHAIN RISK

239.7300 Scope of subpart.

239.7301 Applicability.

239.7302 Definitions.

239.7303 Authorized individuals.

239.7304 Determination and notification.

239.7305 Exclusion and limitation on disclosure.

239.7306 Solicitation provision and contract clause.

SUBPART 239.74--TELECOMMUNICATIONS SERVICES

239.7400 Scope.

239.7401 Definitions.

239.7402 Policy.

239.7403 Reserved.

239.7404 Reserved.

239.7405 Delegated authority for telecommunications resources.

239.7406 Certified cost or pricing data and data other than certified cost or pricing data.

239.7407 Type of contract.

239.7408 Special construction.

239.7408-1 General.

239.7408-2 Applicability of construction labor standards for special construction.

239.7409 Special assembly.

239.7410 Cancellation and termination.

239.7411 Contract clauses.

SUBPART 239.1--GENERAL

(Revised July 15, 2009)

239.101 Policy.

See Subpart 208.74 when acquiring commercial software or software maintenance. See 227.7202 for policy on the acquisition of commercial computer software and commercial computer software documentation.

SUBPART 239.70--EXCHANGE OR SALE OF INFORMATION TECHNOLOGY

(Revised July 11, 2006)

239.7001 Policy.

Agencies shall follow the procedures in DoD 4140.1-R, DoD Supply Chain Materiel Management Regulation, Chapter 9, Section C9.5, when considering the exchange or sale of Government-owned information technology.

SUBPART 239.71--SECURITY AND PRIVACY FOR COMPUTER SYSTEMS

(Revised June 21, 2010)

239.7100 Scope of subpart.

This subpart includes information assurance and Privacy Act considerations. Information assurance requirements are in addition to provisions concerning protection of privacy of individuals (see FAR Subpart 24.1).

239.7101 Definition.

“Information assurance,” as used in this subpart, means measures that protect and defend information, that is entered, processed, transmitted, stored, retrieved, displayed, or destroyed, and information systems, by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for the restoration of information systems by incorporating protection, detection, and reaction capabilities.

239.7102 Policy and responsibilities.

239.7102-1 General.

Workforce Management; and

239.7102-2 Compromising emanations—TEMPEST or other standard.

For acquisitions requiring information assurance against compromising emanations, the requiring activity is responsible for providing to the contracting officer—

239.7102-3 Information assurance contractor training and certification.

239.7103 Contract clauses.

SUBPART 239.72--STANDARDS

(Revised July 11, 2006)

239.7201 Solicitation requirements.

Contracting officers shall ensure that all applicable Federal Information Processing Standards are incorporated into solicitations.

SUBPART 239.73–REQUIREMENTS FOR INFORMATION RELATING TO

SUPPLY CHAIN RISK

(Added November 18, 2013)

239.7300 Scope of subpart.

239.7301 Applicability.

Notwithstanding FAR 39.001, this subpart shall be applied to acquisition of information technology for national security systems, as that term is defined at 44 U.S.C. 3542(b), for procurements involving—

239.7302 Definitions.

As used in this subpart—

“Covered item” means an item of information technology that is purchased for inclusion in a covered system, and the loss of integrity of which could result in a supply chain risk for a covered system (see section 806(e)(6) of Pub. L. 111-383).

Covered systemmeans a national security system, as that term is defined at 44 U.S.C. 3542(b) (see section 806(e)(5) of Pub. L. 111-383). It is any information system, including any telecommunications system, used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency—

“Information technology,” in lieu of the definition at FAR 2.1, and “supply chain risk” are defined in the clause at 252.239-7018, Supply Chain Risk.

239.7303 Authorized individuals.

239.7304 Determination and notification.

The individuals authorized in 239.7303 may exercise the authority provided in 239.7305 only after—

239.7305 Exclusion and limitation on disclosure.

Subject to 239.7304, the individuals authorized in 239.7303 may, in the course of conducting a covered procurement—

239.7306 Solicitation provision and contract clause.

SUBPART 239.74--TELECOMMUNICATIONS SERVICES

(Revised December 31, 2012)

239.7400 Scope.

This subpart prescribes policy and procedures for acquisition of telecommunications services and maintenance of telecommunications security. Telecommunications services meet the definition of information technology.

239.7401 Definitions.

As used in this subpart—

239.7402 Policy.

239.7403 Reserved.

239.7404 Reserved.

239.7405 Delegated authority for telecommunications resources.

The contracting officer may enter into a telecommunications service contract on a month-to-month basis or for any longer period or series of periods, not to exceed a total of 10 years. See PGI 239.7405 for documents relating to this contracting authority, which the General Services Administration has delegated to DoD.

239.7406 Certified cost or pricing data and data other than certified cost or pricing data.

reasonable in accordance with FAR 15.403-3 or 15.403-4. See PGI 239.7406 for

examples of instances where additional data may be necessary to determine price

reasonableness.

239.7407 Type of contract.

When acquiring telecommunications services, the contracting officer may use a basic agreement (see FAR 16.702) in conjunction with communication service authorizations. When using this method, follow the procedures at PGI 239.7407.

239.7408 Special construction.

239.7408-1 General.

239.7408-2 Applicability of construction labor standards for special construction.

239.7409 Special assembly.

239.7410 Cancellation and termination.

239.7411 Contract clauses.

SUBPART 239.75

(Removed July 11, 2006)

Previous PageTop Of PageTable Of ContentsDFARS Home PageNext Page