Learn About the Law
Get help with your legal needs
FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.
Current as of October 02, 2022 | Updated by FindLaw Staff
For purposes of this part:
(a) Appropriate congressional committees and leadership means:
(1) The Committee on Homeland Security and Governmental Affairs, the Committee on the Judiciary, the Committee on Appropriations, the Committee on Armed Services, the Committee on Commerce, Science, and Transportation, the Select Committee on Intelligence, and the majority and minority leader of the Senate; and
(2) The Committee on Oversight and Government Reform, the Committee on the Judiciary, the Committee on Appropriations, the Committee on Homeland Security, the Committee on Armed Services, the Committee on Energy and Commerce, the Permanent Select Committee on Intelligence, and the Speaker and minority leader of the House of Representatives.
(b) Council or FASC means the Federal Acquisition Security Council.
(c) Covered article means any of the following:
(1) Information technology, as defined in 40 U.S.C. 11101, including cloud computing services of all types;
(2) Telecommunications equipment or telecommunications service, as those terms are defined in section 3 of the Communications Act of 1934 (47 U.S.C. 153);
(3) The processing of information on a Federal or non–Federal information system, subject to the requirements of the Controlled Unclassified Information program or subsequent U.S. government program for controlling sensitive unclassified information; or
(4) Hardware, systems, devices, software, or services that include embedded or incidental information technology.
(d) Covered procurement means:
(1) A source selection for a covered article involving either a performance specification, as provided in subsection (a)(3)(B) of title 41 U.S.C. 3306, or an evaluation factor, as provided in subsection (b)(1)(A) of title 41 U.S.C. 3306, relating to a supply chain risk, or where supply chain risk considerations are included in the agency's determination of whether a source is a responsible source;
(2) The consideration of proposals for and issuance of a task or delivery order for a covered article, as provided in title 41 U.S.C. 4106(d)(3), where the task or delivery order contract includes a contract clause establishing a requirement relating to a supply chain risk;
(3) Any contract action involving a contract for a covered article where the contract includes a clause establishing requirements relating to a supply chain risk; or
(4) Any other procurement in a category of procurements determined appropriate by the Federal Acquisition Regulatory Council, with the advice of the Federal Acquisition Security Council.
(e) Covered procurement action means any of the following actions, if the action takes place in the course of conducting a covered procurement:
(1) The exclusion of a source that fails to meet qualification requirements established under 41 U.S.C. 3311, for the purpose of reducing supply chain risk in the acquisition or use of covered articles;
(2) The exclusion of a source that fails to achieve an acceptable rating with regard to an evaluation factor providing for the consideration of supply chain risk in the evaluation of proposals for the award of a contract or the issuance of a task or delivery order;
(3) The determination that a source is not a responsible source, based on considerations of supply chain risk; and
(4) The decision to withhold consent for a contractor to subcontract with a particular source or to direct a contractor to exclude a particular source from consideration for a subcontract under the contract.
(f) Exclusion order means any of the following orders requiring the exclusion of sources or covered articles from executive agency procurement actions:
(1) An order issued by Secretary of Homeland Security applicable to federal executive branch civilian agencies;
(2) An order issued by the Secretary of Defense applicable to Department of Defense and national security systems other than sensitive compartmented information systems; or
(3) An order issued by the Director of National Intelligence applicable to the Intelligence Community and sensitive compartmented information systems.
(g) Executive agency means:
(1) An executive department specified in 5 U.S.C. 101;
(2) A military department specified in 5 U.S.C. 102;
(3) An independent establishment as defined in 5 U.S.C. 104(1); and
(4) A wholly owned Government corporation fully subject to chapter 91 of title 3 U.S.C.
(h) Information and communications technology means:
(1) Information technology as defined in 40 U.S.C. 11101;
(2) Information systems, as defined in 44 U.S.C. 3502; and
(3) Telecommunications equipment and telecommunications services, as those terms are defined in section 3 of the Communications Act of 1934 (47 U.S.C. 153).
(i) Information technology has the definition provided in 40 U.S.C. 11101.
(j) Intelligence Community includes the following:
(1) The Office of the Director of National Intelligence;
(2) The Central Intelligence Agency;
(3) The National Security Agency;
(4) The Defense Intelligence Agency;
(5) The National Geospatial–Intelligence Agency;
(6) The National Reconnaissance Office;
(7) Other offices within the Department of Defense for the collection of specialized national intelligence through reconnaissance programs;
(8) The intelligence elements of the Army, the Navy, the Air Force, the Marine Corps, the Coast Guard, the Federal Bureau of Investigation, the Drug Enforcement Administration, and the Department of Energy;
(9) The Bureau of Intelligence and Research of the Department of State;
(10) The Office of Intelligence and Analysis of the Department of the Treasury;
(11) The Office of Intelligence and Analysis of the Department of Homeland Security;
(12) Such other elements of any department or agency as may be designated by the President, or designated jointly by the Director of National Intelligence and the head of the department or agency concerned, as an element of the intelligence community.
(k) National security system has the definition given to it in 44 U.S.C. 3552 and means any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency—
(1) The function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or subject to paragraph (j)(1)(3) of this section, is critical to the direct fulfillment of military or intelligence missions, but does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications); or
(2) Is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.
(3) Does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications).
(l) Removal order means any of the following orders, issued pursuant to 41 U.S.C. 1323(c)(5), requiring the removal of covered articles from executive agency information systems:
(m) 1 An order issued by Secretary of Homeland Security applicable to federal executive branch civilian agencies;
1 So in original; there is no subsection (m)(1). See 85 FR 54267.
(2) An order issued by the Secretary of Defense applicable to Department of Defense and national security systems other than sensitive compartmented information systems; or
(3) An order issued by the Director of National Intelligence applicable to the intelligence community and sensitive compartmented information systems.
(n) Responsible source means a responsible prospective contractor and subcontractors, at any tier, as defined in part 9 of the Federal Acquisition Regulation.
(o) Source means a non-federal supplier, or potential supplier, of products or services, at any tier.
(p) Supply chain risk means the risk that any person may sabotage, maliciously introduce unwanted functionality, extract data, or otherwise manipulate the design, integrity, manufacturing, production, distribution, installation, operation, maintenance, disposition, or retirement of covered articles so as to surveil, deny, disrupt, or otherwise manipulate the function, use, or operation of the covered articles or information stored or transmitted by or through covered articles.
(q) Supply chain risk information includes, but is not limited to, information that describes or identifies:
(1) Functionality of covered articles, including access to data and information system privileges;
(2) Information on the user environment where a covered article is used or installed;
(3) The ability of the source to produce and deliver covered articles as expected (i.e., supply chain assurance);
(4) Foreign control of, or influence over, the source (e.g., foreign ownership, personal and professional ties between the source and any foreign entity, legal regime of any foreign country in which the source is headquartered or conducts operations);
(5) Implications to national security, homeland security, and/or national critical functions associated with use of the covered source;
(6) Vulnerability of federal systems, programs, or facilities;
(7) Market alternatives to the covered source;
(8) Potential impact or harm caused by the possible loss, damage, or compromise of a product, material, or service to an organization's operations or mission;
(9) Likelihood of a potential impact or harm, or the exploitability of a system;
(10) Security, authenticity, and integrity of covered articles and their supply and compilation chain;
(11) Capacity to mitigate risks identified;
(12) Credibility of and confidence in other supply chain risk information;
(13) Any other information that would factor into an analysis of the security, integrity, resilience, quality, trustworthiness, or authenticity of covered articles or sources;
(14) A summary of the above information, including: Summary of the threat level on 1 (low) to 5 (high) scale; and summary of the vulnerability level on 1 (low) to 5 (high) scale; and, any other information determined to be relevant to the determination of supply chain risk.
Cite this article: FindLaw.com - Code of Federal Regulations Title 41. Public Contracts and Property Management § 41.201.102 Definitions - last updated October 02, 2022 | https://codes.findlaw.com/cfr/title-41-public-contracts-and-property-management/cfr-sect-41-201-102/
FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature or via Westlaw before relying on it for your legal needs.
A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw's Learn About the Law.
Get help with your legal needs
FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.
Search our directory by legal issue
Enter information in one or both fields (Required)