Subpart 4.23 Federal Acquisition Security Council.

This analysis provides a structured summary of FAR Subpart 4.23, which addresses the security and integrity of the federal supply chain through the Federal Acquisition Security Council (FASC).

Overview

FAR Subpart 4.23 implements the Federal Acquisition Supply Chain Security Act of 2018. It establishes a formal process for identifying, sharing, and mitigating supply chain risks by allowing the government to issue "FASCSA orders" that prohibit the procurement of specific "covered articles" or products from certain "sources." This authority is currently set to expire on December 31, 2033.

Key Rules

• Prohibition of Restricted Articles/Sources: Executive agencies are strictly prohibited from procuring, obtaining, or extending contracts for any "covered article" or service provided by a "source" that is subject to an active FASCSA order.
• Definition of Covered Articles: This includes Information Technology (IT), cloud computing services, telecommunications equipment/services, and any hardware or software with embedded or incidental IT.
• Three Issuing Authorities:
  1. DHS: Issues orders for civilian agencies.
  2. DoD: Issues orders for the Department of Defense and national security systems.
  3. DNI: Issues orders for the intelligence community and sensitive compartmented information systems.
• Searchability: Most FASCSA orders are identified in the System for Award Management (SAM) by searching for the phrase "FASCSA order."
• Reasonable Inquiry: Contractors are required to conduct a "reasonable inquiry"—a review of the information in their possession—to ensure they are not providing prohibited articles. This does not require a formal third-party audit.
• Modification Timeline: When a new FASCSA order is issued, Contracting Officers must modify existing contracts to incorporate the prohibition within 6 months.

Responsibilities

• Contracting Officers (COs):
  • Identify applicable FASCSA orders by coordinating with the program office.
  • Insert required solicitation provisions (52.204-29) and contract clauses (52.204-30).
  • Update solicitations and contracts when new orders are issued.
  • Decide whether to pursue waivers or cease awards to non-compliant offerors.
• Program Managers / Requiring Activities:
  • Identify specific FASCSA orders that may not be listed in SAM.
  • Determine the necessity of sharing risk information with the FASC.
  • Provide the "compelling justification" required for waiver requests.
• Executive Agencies:
  • Must share relevant supply chain risk information with the FASC if a "substantial" risk is identified.
• Contractors/Offerors:
  • Conduct due diligence (reasonable inquiry) into their own supply chains.
  • Disclose if they cannot comply with an order and report any prohibited articles discovered during contract performance.

Practical Implications

• Dynamic Compliance: Unlike static lists of banned entities (like Section 889), the FASCSA list is dynamic. A product that is legal today could be prohibited tomorrow, requiring contractors to monitor SAM.gov continuously.
• Tiered Risk: The definition of "Source" includes suppliers "at any tier." This means prime contractors are responsible for ensuring their subcontractors and lower-tier vendors are not using prohibited articles.
• Contractual Shifts: If a FASCSA order is issued mid-performance, the requirement to modify the contract within 6 months may lead to Requests for Equitable Adjustment (REAs) or claims, as contractors may need to rip-and-replace equipment or switch vendors to remain compliant.
• Interagency Complexity: For interagency acquisitions, the funding agency dictates which FASCSA orders apply, which can create confusion if the awarding agency typically follows different (e.g., civilian vs. defense) protocols.
• Waiver Difficulty: Waivers are not easily granted; they require a high burden of proof, including a "compelling justification" (like mission failure) and a detailed risk mitigation plan.