Missing Definition of ‘Trusted Supplier’ in the proposed DFARS Rule on “Detection and Avoidance of Counterfeit Electronic Parts”

The Federal Register Notice concerning the proposed DFARS Rule on “Detection and Avoidance of Counterfeit Electronic Parts” [1] describes partial implementation of the National Defense Authorization Act for Fiscal Year 2012 [2], including “the use of trusted suppliers” [3]. Within its criteria for an acceptable “Contractor Counterfeit Electronic Part Avoidance and Detection System”, the proposed rule includes “Use and qualification of trusted suppliers”. The proposed rule, however, does not include a definition for the term “trusted supplier”, nor does the new DoD counterfeit prevention policy [4] include a definition for this term.

The proposed rule does not include key elements of a trusted supplier concept specified in NDAA2012§818. Referring to Section 818(c)(3)(A), DoD is expected to revise regulations to (emphasis added) …

… require that, whenever possible, the Department and Department contractors and subcontractors at all tiers–

(i) obtain electronic parts that are in production or currently available in stock from the original manufacturers of the parts or their authorized dealers, or from trusted suppliers who obtain such parts exclusively from the original manufacturers of the parts or their authorized dealers; and

(ii) obtain electronic parts that are not in production or currently available in stock from trusted suppliers;

Section 818(c)(3)(A)(i) includes the keystone to counterfeit avoidance practices recommended by industry and US government subject matter experts and industry standards such as SAE Aerospace Standard AS5553 [5] — use of original manufacturers of the parts or their authorized distributors. It also acknowledges circumstances where one would use other suppliers who, in turn, obtain parts from the original manufacturer or its authorized distributors.

Prior to the release of DODI 4140.67 and the publication of the proposed DFARS rule, The Defense Logistics Agency (DLA) introduced the term “trusted source” [6] in January 2013 which puts several categories of suppliers on equal footing. This implementation falls short of what NDAA2012§818(c)(3)(A)(i) requires of DoD and its contractors – apply a strong preference for electronic parts acquired from the original manufacturer or its authorized distributors.

Recommendations

DoD should adopt this keystone to counterfeit prevention within the proposed DFARS rule and within in its own policy. Specifically, DoD should consider the following …

Develop a definition of the term trusted supplier that applies a preference for the use of and original manufacturer or its authorized distributors, and includes suppliers who obtain electronic parts exclusively from the original manufacturer or its authorized distributor.

Adopt definitions within industry standards for the terms “original manufacturer” (e.g. OCM per AS5553) and “authorized distributor” (e.g. “authorized supplier” per AS5553 and “authorized distributor” per proposed AS7777) [7].

Include provisions for cases where electronic parts that are not in production or currently available in stock from the original manufacturer or its authorized distributors such that the supplier must apply extra measures to avoid counterfeits. These extra measures must include an assessment of supply chain traceability information associated with the product, and inspections and tests specifically designed to detect and intercept counterfeits.

Should DoD consider including suppliers other than original manufacturers or their authorized distributors as trusted suppliers, develop specific qualification requirements that require these suppliers to apply the extra measures described above when electronic parts are obtained from other than the original manufacturer or its authorized distributors. [8]

Henry Livingston


[1] Proposed DFARS Rule on “Detection and Avoidance of Counterfeit Electronic Parts” (2013-11400)

[2] Pub. L. 112-081, Section 818, “Detection and Avoidance of Counterfeit Electronic Parts.”

[3] The use of the term trusted supplier within Section 818 of the FY2012 NDAA differs significantly from its current use with respect to the “DoD Trusted Foundry Program” described within DODI 5200.44, Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN).

[4] DoD Instruction 4140.67, DoD Counterfeit Prevention Policy (April 26, 2013) uses the term “qualified supplier”, but defines it very broadly.

[5] SAE International Aerospace Standard AS5553 was adopted by DoD shortly after its original publication in 2009.

[6] DLAD 52.211-9008 Special Notice – Compliance with 52.211-9074, Deoxyribonucleic Acid (DNA) Marking – Federal Supply Class (FSC) 5962 – Trusted Sources.
“Trusted sources are defined as: approved sources listed in the item description (such as original component manufacturers (OCMs) and original equipment manufacturers (OEMs); sources listed, or are qualified for listing (as determined by the Contracting Officer), on the applicable qualified products list (QPL) or qualified manufacturers list (QML); authorized distributors of approved or QPL or QML qualified sources (as determined by the Contracting Officer) with adequate traceability (as determined by the Contracting Officer) to the approved or QPL or QML qualified source; distributors that are listed, or are qualified for listing (as determined by the Contracting Officer), on the DLA Land and Maritime qualified suppliers list of distributors (QSLD) for FSC 5961 and 5962 at the time of award, and who have adequate traceability (as determined by the Contracting Officer); and companies that are listed, or are qualified for listing (as determined by the Contracting Officer) on the DLA Land and Maritime Qualified Testing Suppliers List (QTSL)– Federal Supply Classes (FSC) 5961 and 5962.”

[7] The SAE G19 Counterfeit Electronic Parts Committee is developing a new standard, AS7777, which will define the term “authorized distributor”.

[8] SAE International Aerospace Standard AS6081 includes requirements for use by distributors of electronic parts purchased and sold from the Open Market. While this author has continued concerns that standards, such as AS6081, may focus on the limited abilities of independent distributors rather than on those processes and tests that increase the probability of actual detection of counterfeit parts, the introduction of reasonable national standards would likely result in the reduction of counterfeit parts introduced through this link in the supply chain.

Advertisements

2 thoughts on “Missing Definition of ‘Trusted Supplier’ in the proposed DFARS Rule on “Detection and Avoidance of Counterfeit Electronic Parts”

  1. Jordan Freed says:

    Absolutely agree that this is the keystone element and is missing outright. We are an OEM supplying COTS and mofdified COTS electronic assemblies to all of the Tier 1 US Defense Contractors so we are seeing all the different approaches via flowdown to handle counterfeit prevention. The most promising has been one that requires an AS5553 compliant process AND the use of an AS6081 “certified” or CCAP-101 “certified” distributor for obsloete parts unless approved by our customer. Focusing on a reliablle certification model for independent distributors via a standard like AS6081 as a means to define ‘Trusted Supplier’ that would be a major step towards an achievable and effective implementation of the DFARS rule.

  2. Dan Deisz says:

    The term “trusted supplier” says Independent distributor or broker, period. The only way this should be a valid path to procure parts is if-and-only-if the OCM and Authorized and/or Franchised sources have been exhausted…..and there should be proof of this in the required procurement systems being called out. This needs to be clearly stated in the legislation; that Authorized/Franchised sources must be exhausted before Independent sources can be used. AS6081 does not cover enough, especially when the external test house market does not have the OCM test program to begin with. AS6081 is a step, but without the OCM test programs it’s not clear or defined exactly what you are covering versus what the OCM would ship from a quality perspective. We have to make it clear that any other path of parts procurement other than Authorized/Franchised or OCM-direct has to include significantly more testing and cost. This whole “trusted supplier” thing is incredibly vague and an incredible loop-hole of ambiguity. “Trusted supplier” is an Independent distributor. We ought to be calling them out and tagging that procurement path with all that is necessary only if the Authorized/OCM paths are fully exhausted.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: