Counterfeit Electronic Part Detection and Avoidance

Type of Policy

Administrative

Effective Date

September 2018

Last Revised

April 2020

Review Date

November 2023

Policy Owner

Georgia Tech Research Institute (GTRI)

Contact Name

Lydia Liford

Contact Title

PMO

Contact Email

pmo@gtri.gatech.edu

Reason for Policy

A counterfeit electronic part is an unlawful or unauthorized reproduction, substitution, or alteration that has been knowingly mismarked, misidentified, or otherwise misrepresented to be an authentic, unmodified electronic part from the original manufacturer. The standard SAE AS6171 further classifies counterfeit parts as components that have been recycled, remarked, overproduced, out-of-specification/defective, received with forged documentation, or cloned. The United States (U.S.) Congress has directed that the Department of Defense (DoD) take specific actions to “prevent, detect, remediate and investigate counterfeiting in the DoD supply chain.”

The intent of the policy is to satisfy U.S. Government requirements (DFARS 246.870 and DFARS 252.246-7007) to prevent the proliferation of counterfeit parts while allowing researchers to fulfill their contractual obligations with minimal additional impediment. The policy was developed considering the requirements of the appropriate DFARS clause(s), Defense Logistics Agency standards, industry standards published by SAE, and conference with industry and government representatives.

Refer to Section 9 for reference documents and links as related to this policy.

Policy Statement

For some time, the DoD has been addressing the proliferation of counterfeit parts worldwide and their infiltration into the defense supply chain. With the continued increase in counterfeiting, the DoD has issued directives and promulgated regulations for contractors to implement systems to detect, avoid, and report counterfeit parts. The Georgia Institute of Technology (GIT) must develop policy, procedures, and provide training to prevent the introduction of counterfeit parts used in DoD Weapon Systems, Information Systems, and prototypes. Counterfeit parts pose a threat to DoD system operations. Furthermore, the lack of an effective Counterfeit Detection and Avoidance System (CDAS) will negatively affect GIT research programs.

The CDAS will be audited by the government. Failure to maintain acceptable counterfeit electronic part detection and avoidance policies and procedures may result in disapproval of the Institute’s purchasing system by the government’s contracting officer (CO) and/or withholding of payments. With limited exceptions, GIT will not be able to recover the costs of the counterfeit part or any rework or corrective action taken to remedy the inclusion of counterfeit parts in delivered hardware.

It is essential that GIT maintain an acceptable Counterfeit Electronic Part Detection and Avoidance Policy (CEPDAP) adhered to by all individuals involved in the acquisition of electronic parts for work on DoD sponsored awards to comply with DoD mandatory requirements, minimize risk to DoD operations, and maintain an effective and efficient purchasing system. This policy describes the set of controls designed to eliminate or mitigate the risk of utilizing counterfeit electronic components in GIT delivered hardware. DoD contracts that are subject to DFARS 252.246-7007 are required to adhere to this policy. In the event of a conflict with other GIT policies or procedures, this policy shall take precedence.

Scope

This process applies to electronic components utilized by, or incorporated into, the fabrication, assembly, or test of prototype hardware that is to be provided for evaluation or service to U.S. Government sponsors. This process is also provided as a recommended practice for all programs. This includes electronic assemblies or subsystems that are designed and built to project requirements by third party original design manufacturers (ODMs), as well as hardware that is designed by GIT but then outsourced to a contract manufacturer (CM) for assembly.

Excluded from these requirements are electronic components procured for use in equipment intended for internal purposes (e.g. research, development, problem resolution, testing theories, trying new ideas, etc.), and which are not planned to be provided to sponsors. However, GIT still encourages the procurement of parts through approved venders as identified in this policy.

Also excluded are unmodified commercial off-the-shelf (COTS) assemblies or subsystems, procured from original equipment manufacturers (OEMs), unless otherwise specified in the project plan or mission assurance plan.

Implementation is the responsibility of any individual or organization, internal or external to GIT, which is involved in sourcing such parts in support of program hardware provided to sponsors that is not excluded as called out above. It is important that unit procedures (e.g. college, school, or GTRI laboratory) reflect the requirements outlined in this policy.

Definitions:

Acronym, Abbreviation, or Term	Definition
Authorized Aftermarket Manufacturer (AAM)	An organization that fabricates a part under a contract with, or with the express written authority of, the original component manufacturer based on the original component manufacturer’s designs, formulas, and/or specifications.
Authorized Supplier	Supplier, distributor, or an aftermarket manufacturer with a contractual arrangement with, or the express written authority of, the original manufacturer or current design activity to buy, stock, repackage, sell, or distribute the part.
C of O	Certificate of origin
Contractor-approved supplier (CAS)	A supplier that does not have a contractual agreement with the original component manufacturer for a transaction, but has been identified as trustworthy by a contractor or subcontractor.
CASL	Contractor Approved Supplier List
CDAS	Counterfeit Detection and Avoidance System
Contract manufacturer (CM)	A company that produces goods under contract for another company under the label or brand name of that company.
CO	Contracting Officer
COTS	Commercial Off-The-Shelf
Counterfeit electronic part	An unlawful or unauthorized reproduction, substitution, or alteration that has been knowingly mismarked, misidentified, or otherwise misrepresented to be an authentic, unmodified electronic part from the original manufacturer, or a source with the express written authority of the original manufacturer or current design activity, including an authorized aftermarket manufacturer. Unlawful or unauthorized substitution includes used electronic parts represented as new, or the false identification of grade, serial number, lot number, date code, or performance characteristics.
DFARS	Defense Federal Acquisition Regulations Supplement
DoD	Department of Defense
ECIA	The Electronic Components Industry Association (ECIA) maintains a database of verified authorized suppliers. The ECIA database is an alternative source for verifying authorized suppliers and shall be archived with purchase documentation.
EEE	Electrical, Electronic, and Electromechanical
Electronic part	An integrated circuit, a discrete electronic component (including, but not limited to, a transistor, capacitor, resistor, or diode), or a circuit
ERAI	ERAI, Inc. is a global information services organization that monitors, investigates, and reports issues affecting the global electronics supply chain.
GIDEP	Government-Industry Data Exchange Program is a cooperative activity between government and industry participants seeking to reduce or eliminate expenditures of resources by sharing technical information essential during research, design, development, production and operational phases of the life cycle of systems, facilities and equipment.
GIT	Georgia Institute of Technology
GTRI	Georgia Tech Research Institute
Mission Assurance	A process to protect or ensure the continued function and resilience of capabilities and assets – including personnel, equipment, facilities, networks, information and information systems, infrastructure, and supply chains – critical to the performance of DoD MEFs (Mission Essential Functions) in any operating environment of condition.
NRE	Non-recurring engineering
Obsolete electronic part	An electronic part that is no longer available from the original manufacturer or an authorized aftermarket manufacturer.
ODM	Original Design Manufacturer
Original component manufacturer (OCM)	An organization that designs and/or engineers a part and is entitled to any intellectual property rights to that part.
Original equipment manufacturer (OEM)	A company that manufactures products that it has designed from purchased components and sells those products under the company's brand name.
Original manufacturer	The original component manufacturer, the original equipment manufacturer, or the contract manufacturer.
OSP	Office of Sponsored Programs
PD	Project Director
PI	Principal Investigators
PM	Project Manager
PMO	Project Management Office
PO	Purchase Order
SAE	Society of Automotive Engineers
Subcontractor	Any supplier, distributor, vendor, or firm that furnishes supplies or services to or for GIT
Suspect counterfeit electronic part	An electronic part for which credible evidence (including, but not limited to, visual inspection or testing) provides reasonable doubt that the electronic part is authentic.
Traceability	The capability to track the chain of custody of a procured item(s) through its specific supply chain.
Unit	College, School, GTRI laboratory
U.S.	United States

Procedures

5.1 Employee Training
	To support this process, the following training requirement shall be imposed upon indicated personnel: This policy will be the basis for a Counterfeit Electronic Component Awareness Training program to be developed and administered by GTRI, in conjunction with the Office of Sponsored Programs (OSP). Project Directors (PDs) and Principal Investigator (PIs) are required to determine who within the project team should complete the training. Personnel responsible for the specification and/or procurement of purchased components for prototypes, as well as personnel who physically handle electronic components or assemblies containing electronic components, are recommended to complete Counterfeit Electronic Component Awareness Training. The GIT training for this policy can be found here. To access the training module, GIT employees will need to login to the employee training portal and search the course catalog for “Counterfeit Electronic Part Detection and Avoidance Policy Overview”.

5.1 Employee Training

To support this process, the following training requirement shall be imposed upon indicated personnel:

This policy will be the basis for a Counterfeit Electronic Component Awareness Training program to be developed and administered by GTRI, in conjunction with the Office of Sponsored Programs (OSP).

Project Directors (PDs) and Principal Investigator (PIs) are required to determine who within the project team should complete the training.

Personnel responsible for the specification and/or procurement of purchased components for prototypes, as well as personnel who physically handle electronic components or assemblies containing electronic components, are recommended to complete Counterfeit Electronic Component Awareness Training.

The GIT training for this policy can be found here. To access the training module, GIT employees will need to login to the employee training portal and search the course catalog for “Counterfeit Electronic Part Detection and Avoidance Policy Overview”.

5.2 Inspection and Testing
	It is the responsibility of all personnel who handle electronic components or assemblies containing electronic components at any point in the inspection, assembly, and test flow to be aware of and to report any attribute, feature, or performance parameter that may indicate that the part is not genuine. GIT procurement sourcing controls are designed to minimize risk of receipt of counterfeit electronic parts. However, there is a possibility that such parts may make their way into department or laboratory storage spaces. To support this policy, GIT will adhere to the following: Assembly or test personnel shall report any visual or functional anomaly to the PD or PI for counterfeit assessment at any point during receipt of parts. Cosmetic anomalies may or may not be indicative of counterfeit production, but must be investigated as such. GIT PDs, PIs, and Program Managers (PMs) shall work with the supplier to verify counterfeit determination and shall issue a Government-Industry Data Exchange Program (GIDEP) Advisory (suspect counterfeit part, but confirmed genuine) or GIDEP Alert (confirmed as counterfeit). Such reports are to be issued within 30 days of the initial escalation. For access to GIDEP, please direct any inquiries to the PMO. Upon receiving an item, a visual inspection must be conducted. If an item is purchased from Category 1 or Category 2, a visual inspection and acceptance will need to be completed. If an item is purchased from Category 3, it will need to be sent to a testing facility as identified on the CASL. The physical/environmental/electrical/inspection test sequences required for Category 3 electronic parts is dependent on a risk assessment to determine the recommended level of testing to mitigate risk associated with obtaining the parts from an unauthorized supplier. SAE-AS6171 provides a method for establishing risk and appropriate test sequences, and shall be utilized and documented for GT and GTRI for procured Category 3 electronic parts. Refer to Section 5.5 for supplier category and CASL information. Refer to Section 5.6 for quarantine procedures if a suspected counterfeit part is identified.

5.2 Inspection and Testing

It is the responsibility of all personnel who handle electronic components or assemblies containing electronic components at any point in the inspection, assembly, and test flow to be aware of and to report any attribute, feature, or performance parameter that may indicate that the part is not genuine.

GIT procurement sourcing controls are designed to minimize risk of receipt of counterfeit electronic parts. However, there is a possibility that such parts may make their way into department or laboratory storage spaces. To support this policy, GIT will adhere to the following:

Assembly or test personnel shall report any visual or functional anomaly to the PD or PI for counterfeit assessment at any point during receipt of parts. Cosmetic anomalies may or may not be indicative of counterfeit production, but must be investigated as such.
GIT PDs, PIs, and Program Managers (PMs) shall work with the supplier to verify counterfeit determination and shall issue a Government-Industry Data Exchange Program (GIDEP) Advisory (suspect counterfeit part, but confirmed genuine) or GIDEP Alert (confirmed as counterfeit). Such reports are to be issued within 30 days of the initial escalation. For access to GIDEP, please direct any inquiries to the PMO.

Upon receiving an item, a visual inspection must be conducted. If an item is purchased from Category 1 or Category 2, a visual inspection and acceptance will need to be completed. If an item is purchased from Category 3, it will need to be sent to a testing facility as identified on the CASL.

The physical/environmental/electrical/inspection test sequences required for Category 3 electronic parts is dependent on a risk assessment to determine the recommended level of testing to mitigate risk associated with obtaining the parts from an unauthorized supplier. SAE-AS6171 provides a method for establishing risk and appropriate test sequences, and shall be utilized and documented for GT and GTRI for procured Category 3 electronic parts.

Refer to Section 5.5 for supplier category and CASL information.

Refer to Section 5.6 for quarantine procedures if a suspected counterfeit part is identified.

5.3 PROCESSES TO ABOLISH COUNTERFEIT PARTS PROLIFERATION
	All GIT orders for electronic components from any supplier shall request that the total quantity of any individual part be from a single manufacturing lot or date code. In addition to minimizing variation in performance, it is less likely that a single manufacturing lot or date code across the total quantity represents parts from an unauthorized market source. This policy shall be imposed on GIT subcontractors as described in Section 5.9.

5.3 PROCESSES TO ABOLISH COUNTERFEIT PARTS PROLIFERATION

All GIT orders for electronic components from any supplier shall request that the total quantity of any individual part be from a single manufacturing lot or date code. In addition to minimizing variation in performance, it is less likely that a single manufacturing lot or date code across the total quantity represents parts from an unauthorized market source.

This policy shall be imposed on GIT subcontractors as described in Section 5.9.

5.4 PROCESSES FOR MAINTAINING ELECTRONIC PART TRACEABILITY
	GIT PDs, PIs, and PMs are required to add traceability documentation provided by vendors into the document repository of the PD's choice (Box, Sharepoint, etc) upon receipt of components to maintain supply chain traceability. PDs, PIs, and PMs must be aware that the selection of non-approved suppliers are subject to review and audit by the appropriate U.S. Government representative. When sourcing an electronic part from a supplier, the following requirements apply: Any order for electronic components from any supplier requires a certificate of origin (C of O), attesting that the supplier acquired those parts directly from the original manufacturer, and that those parts are not returns, nor were they sourced from a non-Category 1, 2, or 3 supplier. This requirement for a C of O must be included on the original PO. Any order for electronic components from any supplier shall request that the total quantity of any individual part be from a single manufacturing lot or date code.

5.4 PROCESSES FOR MAINTAINING ELECTRONIC PART TRACEABILITY

GIT PDs, PIs, and PMs are required to add traceability documentation provided by vendors into the document repository of the PD's choice (Box, Sharepoint, etc) upon receipt of components to maintain supply chain traceability. PDs, PIs, and PMs must be aware that the selection of non-approved suppliers are subject to review and audit by the appropriate U.S. Government representative.

When sourcing an electronic part from a supplier, the following requirements apply:

Any order for electronic components from any supplier requires a certificate of origin (C of O), attesting that the supplier acquired those parts directly from the original manufacturer, and that those parts are not returns, nor were they sourced from a non-Category 1, 2, or 3 supplier. This requirement for a C of O must be included on the original PO.
Any order for electronic components from any supplier shall request that the total quantity of any individual part be from a single manufacturing lot or date code.

5.5 USE OF SUPPLIERS
	GIT is not certified to test suspected counterfeit parts; therefore, GIT shall follow the following guidelines in order to avoid the receipt of counterfeit parts. GIT will be in compliance with DFARS 252.246 by obtaining electronic parts from one of three categories listed below in sequential order: 1. Category 1: GIT PDs, PIs, and PMs will obtain electronic parts that are in production by the original component manufacturer (OCM) or an authorized aftermarket manufacturer (AAM). If parts are not in production, obtain from currently available stock in the following order: a. OCM of the parts; b. OCM-authorized suppliers of the parts; or c. Suppliers that obtain such parts exclusively from the OCM of the parts or their authorized suppliers. OCM authorized suppliers shall be verified using one of these methods: a. Verification of OCM authorized supplier legitimacy prior to purchase shall be documented. OCM websites include the suppliers that are authorized to distribute their components. A screenshot from the OCM website designating authorized suppliers or an email from an OCM verifying an authorized supplier is acceptable verification. b. The Electronic Components Industry Association (ECIA) maintains a database (https://www.eciaauthorized.com/en) of verified authorized suppliers. The ECIA database is an alternative source for verifying authorized suppliers and shall be archived with purchase documentation. A supplier’s website should never be solely relied on as a source for OCM authorization to distribute. 2. Category 2: If electronic parts are not available as provided in Category 1, GIT will obtain electronic parts that are not in production by the OCM or an AAM from suppliers identified by the CASL. The CASL is derived from the DLA certified vendor list, which is included in the workflow attached to this policy. The following three conditions apply to this source of electronic parts: a. GIT will comply with GT Procurement processes to identify and approve CASs who adhere to established counterfeit prevention industry standards as mentioned in Section 10; b. CAS assumes responsibility for the authenticity of parts provided to GIT; and c. CASL is subject to review and audit by the government CO. 3. Category 3: If GIT (i) obtains an electronic part from a source other than those identified in Categories 1 and 2 because of nonavailability or from a subcontractor other than the OCM that refuses to accept the flow down of DFARS clause 252.246-7008; or (ii) cannot confirm that an electronic part is new or previously unused and that it has not been comingled in supplier new production or stock with used, refurbished, reclaimed, or returned parts, then the contractor must adhere to the following: a. Promptly notify the sponsor CO in writing; b. Be responsible for inspection, testing, and authentication by selecting a test resource from the CASL; and c. Log documentation of inspection, testing, and authentication to make available to the government upon request.

5.5 USE OF SUPPLIERS

GIT is not certified to test suspected counterfeit parts; therefore, GIT shall follow the following guidelines in order to avoid the receipt of counterfeit parts.

GIT will be in compliance with DFARS 252.246 by obtaining electronic parts from one of three categories listed below in sequential order:

1. Category 1: GIT PDs, PIs, and PMs will obtain electronic parts that are in production by the original component manufacturer (OCM) or an authorized aftermarket manufacturer (AAM). If parts are not in production, obtain from currently available stock in the following order:

a. OCM of the parts;

b. OCM-authorized suppliers of the parts; or

c. Suppliers that obtain such parts exclusively from the OCM of the parts or their authorized suppliers.

OCM authorized suppliers shall be verified using one of these methods:

a. Verification of OCM authorized supplier legitimacy prior to purchase shall be documented. OCM websites include the suppliers that are authorized to distribute their components. A screenshot from the OCM website designating authorized suppliers or an email from an OCM verifying an authorized supplier is acceptable verification.

b. The Electronic Components Industry Association (ECIA) maintains a database (https://www.eciaauthorized.com/en) of verified authorized suppliers. The ECIA database is an alternative source for verifying authorized suppliers and shall be archived with purchase documentation.

A supplier’s website should never be solely relied on as a source for OCM authorization to distribute.

2. Category 2: If electronic parts are not available as provided in Category 1, GIT will obtain electronic parts that are not in production by the OCM or an AAM from suppliers identified by the CASL. The CASL is derived from the DLA certified vendor list, which is included in the workflow attached to this policy. The following three conditions apply to this source of electronic parts:

a. GIT will comply with GT Procurement processes to identify and approve CASs who adhere to established counterfeit prevention industry standards as mentioned in Section 10;

b. CAS assumes responsibility for the authenticity of parts provided to GIT; and

c. CASL is subject to review and audit by the government CO.

3. Category 3: If GIT (i) obtains an electronic part from a source other than those identified in Categories 1 and 2 because of nonavailability or from a subcontractor other than the OCM that refuses to accept the flow down of DFARS clause 252.246-7008; or (ii) cannot confirm that an electronic part is new or previously unused and that it has not been comingled in supplier new production or stock with used, refurbished, reclaimed, or returned parts, then the contractor must adhere to the following:

a. Promptly notify the sponsor CO in writing;

b. Be responsible for inspection, testing, and authentication by selecting a test resource from the CASL; and

c. Log documentation of inspection, testing, and authentication to make available to the government upon request.

5.6 REPORTING AND QUARANTINING OF COUNTERFEIT ELECTRONIC PARTS
	When one becomes aware of, or has reason to suspect that any electronic part, component, or assembly containing electronic parts purchased contains counterfeit electronic parts or suspect counterfeit electronic parts, reporting is required to the Government CO and to the GIDEP. Per standard AS5553C, control suspect counterfeit EEE parts to preclude their use or reentry in to the supply chain by physically identifying and segregating the suspect counterfeit EEE parts from acceptable non-suspect EEE parts and placing in quarantine until dispositioned. Quarantine shall consist of a controlled access space. PMO can provide guidance about any of these processes in this policy. Please direct any inquiries to PMO.

5.6 REPORTING AND QUARANTINING OF COUNTERFEIT ELECTRONIC PARTS

When one becomes aware of, or has reason to suspect that any electronic part, component, or assembly containing electronic parts purchased contains counterfeit electronic parts or suspect counterfeit electronic parts, reporting is required to the Government CO and to the GIDEP.

Per standard AS5553C, control suspect counterfeit EEE parts to preclude their use or reentry in to the supply chain by physically identifying and segregating the suspect counterfeit EEE parts from acceptable non-suspect EEE parts and placing in quarantine until dispositioned. Quarantine shall consist of a controlled access space.

PMO can provide guidance about any of these processes in this policy. Please direct any inquiries to PMO.

5.7 METHODOLOGIES TO IDENTIFY SUSPECT COUNTERFEIT ELECTRONIC PARTS
	Electronic parts purchased from Category 1 or Category 2 suppliers do not require individual component testing. However, when purchasing parts from a Category 3 supplier, GIT will rely on the identification of suspect counterfeit electronic parts through the use of CASL Testers for inspection and counterfeit testing. Refer to the policy workflow attachment for the CASL.

5.7 METHODOLOGIES TO IDENTIFY SUSPECT COUNTERFEIT ELECTRONIC PARTS

Electronic parts purchased from Category 1 or Category 2 suppliers do not require individual component testing. However, when purchasing parts from a Category 3 supplier, GIT will rely on the identification of suspect counterfeit electronic parts through the use of CASL Testers for inspection and counterfeit testing.

Refer to the policy workflow attachment for the CASL.

5.8 DETECTION AND AVOIDANCE
	GIT is committed to the detection and avoidance of counterfeit electronic components in the government supply chain. GIT supports the procurement of electronic components through Categories 1 and 2, and to follow a thorough selection process when vetting Category 3 suppliers.

5.9 POLICY FLOW DOWN
	All GIT orders for electronic components from any supplier shall request that the total quantity of any individual part be from a single manufacturing lot or date code. In addition to minimizing variation in performance, it is less likely that a single manufacturing lot or date code across the total quantity represents parts from an unauthorized market source.
Subcontractor Flow Down	A subcontractor is defined as any supplier, distributor, vendor, or firm that furnishes supplies or services to or for GIT. Subcontractors participating in GIT projects at all levels in the supply chain that are responsible for buying and selling electronic parts or assemblies containing electronic parts, or that perform authentication testing are required to comply with the notification, inspection, testing, and authentication requirements as listed in this policy. GIT shall be responsible for ensuring that these requirements are flowed down to subcontractors. The subcontractor is required to meet one of the two options listed below: Independent verification of electronic parts used in a subcontracted assembly will consist of a GIT review of the parts list and part sources to confirm that the latter are purchased from Category 1, 2, or 3 suppliers. In a competitive bid situation, an estimate of the cost to GIT of such a review may be applied to the bids of those subcontractors that lack such a system for source selection purposes. Confirmation of a subcontractor counterfeit electronic parts control plan that satisfies the requirements of this policy will consist of a review of said plan at the subcontractor’s location, including evidence of its implementation. The subcontractor is to be provided a copy of this policy prior to the review meeting. In all cases, GIT will work proactively with the subcontractor to ensure a smooth and expeditious resolution that is in the interests of both parties.
Purchase Order Flow Down	For COTS products and non-recurring engineering (NRE) initiated through a purchase order (PO), GIT will flow down this policy to ensure counterfeit avoidance compliance. When sourcing an electronic part from a supplier, the following requirements apply: Any order for electronic components from any supplier requires a CO, attesting that the supplier acquired those parts directly from the original manufacturer, and that those parts are not returns, nor were they sourced from a non-Category 1, 2, or 3 supplier. This requirement for a C of O must be included on the original PO. Any order for electronic components from any supplier shall request that the total quantity of any individual part be from a single manufacturing lot or date code.

5.9 POLICY FLOW DOWN

All GIT orders for electronic components from any supplier shall request that the total quantity of any individual part be from a single manufacturing lot or date code. In addition to minimizing variation in performance, it is less likely that a single manufacturing lot or date code across the total quantity represents parts from an unauthorized market source.

Subcontractor Flow Down

A subcontractor is defined as any supplier, distributor, vendor, or firm that furnishes supplies or services to or for GIT.

Subcontractors participating in GIT projects at all levels in the supply chain that are responsible for buying and selling electronic parts or assemblies containing electronic parts, or that perform authentication testing are required to comply with the notification, inspection, testing, and authentication requirements as listed in this policy. GIT shall be responsible for ensuring that these requirements are flowed down to subcontractors.

The subcontractor is required to meet one of the two options listed below:

Independent verification of electronic parts used in a subcontracted assembly will consist of a GIT review of the parts list and part sources to confirm that the latter are purchased from Category 1, 2, or 3 suppliers. In a competitive bid situation, an estimate of the cost to GIT of such a review may be applied to the bids of those subcontractors that lack such a system for source selection purposes.
Confirmation of a subcontractor counterfeit electronic parts control plan that satisfies the requirements of this policy will consist of a review of said plan at the subcontractor’s location, including evidence of its implementation. The subcontractor is to be provided a copy of this policy prior to the review meeting.

In all cases, GIT will work proactively with the subcontractor to ensure a smooth and expeditious resolution that is in the interests of both parties.

Purchase Order Flow Down

For COTS products and non-recurring engineering (NRE) initiated through a purchase order (PO), GIT will flow down this policy to ensure counterfeit avoidance compliance.

When sourcing an electronic part from a supplier, the following requirements apply:

Any order for electronic components from any supplier requires a CO, attesting that the supplier acquired those parts directly from the original manufacturer, and that those parts are not returns, nor were they sourced from a non-Category 1, 2, or 3 supplier. This requirement for a C of O must be included on the original PO.
Any order for electronic components from any supplier shall request that the total quantity of any individual part be from a single manufacturing lot or date code.

5.10 CONTINUING EDUCATION ON COUNTERFEIT PARTS
	GIT will require periodic training of counterfeit parts avoidance trends for applicable employees via online training and conferences.

5.11 MONITORING POLICY UPDATES
	GIT has access to the GIDEP and other credible sources for information pertaining to updated counterfeit parts advisories. For access to these reports, please direct any inquiries to PMSO.

5.11 MONITORING POLICY UPDATES

GIT has access to the GIDEP and other credible sources for information pertaining to updated counterfeit parts advisories.

For access to these reports, please direct any inquiries to PMSO.

5.12 CONTROL OF OBSOLETE ELECTRONIC PARTS
	GIT shall avoid the use of obsolete parts on new designs. All parts lacking traceability shall be considered as obsolete parts.

Frequently Asked Questions

Question: What is an electronic part?

Answer: An integrated circuit, a discrete electronic component (including, but not limited to, a transistor, capacitor, resistor, or diode), or a circuit assembly. The term “electronic part” includes any embedded software or firmware.

Question: What is an electronic counterfeit part?

Answer: A counterfeit electronic part is an unlawful or unauthorized reproduction, substitution, or alteration that has been knowingly mismarked, misidentified, or otherwise misrepresented to be an authentic, unmodified electronic part from the original manufacturer. The United States (U.S.) Congress has directed that the Department of Defense (DoD) take specific actions to “prevent, detect, investigate, and remediate counterfeiting in the DoD supply chain.”

Question: How does this policy pertain to GIT?

Answer: DoD contracts that are subject to DFARS 252.246-7007 are required to develop and execute a counterfeit parts policy in order to prevent counterfeit parts from entering the government supply chain. This policy describes the set of controls designed to eliminate or mitigate the risk of utilizing counterfeit electronic components in GIT’s delivered hardware.

Question: To whom does this policy apply?

Answer: The Counterfeit Electronic Part Detection and Avoidance Policy applies to all GIT Personnel who purchase or specify the purchase of electronic components for use in DoD delivered hardware on contracts that are subject to DFARS 252.246-7007.

This process applies to electronic components utilized by, or incorporated into, the fabrication, assembly, or test of prototype hardware that is to be provided for evaluation or service to U.S. Government sponsors. This process is also provided as a recommended practice for all programs. This includes electronic assemblies or subsystems that are designed and built to project requirements by third party original design manufacturers (ODMs), as well as hardware that is designed by GIT but then outsourced to a contract manufacturer (CM) for assembly.

Excluded from these requirements are electronic components procured for use in equipment intended for internal purposes (e.g. research, development, problem resolution, testing theories, trying new ideas, etc.), and which are not planned to be provided to sponsors. However, GIT still encourages the procurement of parts through approved venders as identified in this policy.

Also excluded are unmodified commercial off-the-shelf (COTS) assemblies or subsystems, procured from original equipment manufacturers (OEMs), unless otherwise specified in the project plan or mission assurance plan.

Question: Who is responsible for the implementation of this policy?

Answer: Implementation is the responsibility of any individual or organization, internal or external to GIT, which is involved in sourcing such parts in support of program hardware provided to U.S. Government sponsors.

Question: What types of counterfeits are there?

Answer: Counterfeit parts may consist of recycled, remarked, overproduced, out-of-specification/defective, cloned, received forged documentation, cloned, or tampered parts.

Question: Are parts other than electronic parts to be covered by this policy?

Answer: This policy currently addresses only counterfeit electronic parts. As future DFARS pronouncements expand the scope of the required Counterfeit Detection and Avoidance System (CDAS) to additional parts categories, the scope of this policy will expand accordingly.

Question: How does this policy affect parts purchased for internal projects or use (IRAD, Testing, RI needs, etc.)?

Answer: Although not subject to DFARS 252.246-7007, the purchase of any electronic parts for internal use can also introduce counterfeit parts into GIT supply and affect the safety and/or quality of assemblies and products. It is advisable to mitigate this risk by following the purchasing guidelines outlined within this policy.

Question: What is the process for reporting suspected counterfeit parts to GIDEP?

Answer: GIT PDs, PIs, and Program Managers (PMs) shall work with the supplier to verify counterfeit determination and shall issue a Government-Industry Data Exchange Program (GIDEP) Advisory (suspect counterfeit part, but confirmed genuine) or GIDEP Alert (confirmed as counterfeit). Such reports are to be issued within 30 days of the initial escalation. For access to GIDEP, please direct any inquiries to PMO.

Refer to Section 5.6 for quarantine procedures if a suspected counterfeit part is identified and notify PMO.

Question: Is the supplier’s certification, listed on their website that considered reliable?

Answer: No. GIT Personnel may, however, rely on the original manufacturer’s list of authorized suppliers to gain comfort that electronic parts purchased from that supplier are genuine. However, any certification must come from the Original Component Manufacturer (OCM), not the reseller.

Question: What is the importance of visual inspections?

Answer: Visual inspection on electronic parts and packaging is important to detect nonconforming and suspect counterfeit characteristics ahead of time, to prevent, investigate, and remediate counterfeiting into the government supply chain.

Visual Inspection is required on projects that purchase electronic components for use in DoD delivered hardware on contracts that are subject to DFARS 252.246-7007. PMO has PM Professionals who are certified component inspectors. Please direct any inquiries to PMO.

Question: What if traceability cannot be established?

Answer: Contact PMO if traceability of parts cannot be obtained.

Question: What should a Risk Matrix for Counterfeit Parts look like?

Answer: The sponsor may have specific requirements of what the Risk Matrix should contain. If no specifics are required, a template is attached to this policy.

Question: Who can help determine the level of risk and associated tests needed if purchasing Category 3 electronic parts?

Answer: Contact PMO for assistance with establishing a risk assessment and test sequence program as prescribed in SAE-AS6171.

Question: How often is the Counterfeit Electronic Part Detection and Avoidance Policy updated?

Answer: This policy is reviewed and updated on a yearly basis.

Question: Who should be contacted for questions or assistance?

Answer: Contact PMO or unit management with any questions or requests for assistance.

Form Links

Help Request – General PMO Help Request

Responsibilities

It is the responsibility of all personnel who handle electronic components or assemblies containing electronic components at any point in the inspection, assembly, and test flow to be aware of and to report any attribute, feature, or performance parameters that may indicate that the part is not genuine. The unit is responsible for establishing internal requirements for approval and delegation of authority to purchasing electronic parts.

Project Management Office

The Project Management Support Office (PMO-GTRI) is responsible for the implementation of the policy.

Georgia Tech organizational unit management

Project Directors (PDs)
Principal Investigators (PIs)
Program Managers (PMs)

Enforcement

It is the responsibility of the purchase requestor to be sure that the policy is adhered to during the acquisition of electronic parts.

Related Information

Government Number
Document Number	Document Title, Revision, and Date
DFARS 246.870	SubPart 246.8 – Contractor Liability for Loss of or Damage to Property of the Government, Revised October 21, 2016
DFARS 252.246-7007	Contractor Counterfeit Electronic Part Detection and Avoidance System, August 2016
DFARS 252.246-7008	Sources of Electronic Parts
DFARS 231.205-71	SubPart 231.2 - Contracts With Commercial Organizations
Industry Documents
Document Number	Document Title, Revision, and Date
IDEA-STD-1010B	Acceptability of Electronic Components Distributed in the Open Market
JEDEC JESD-243	Counterfeit Electronic Parts: Non-Proliferation for Manufacturers
SAE AS5553B	Counterfeit Electrical, Electronic, and Electromechanical Parts; Avoidance, Detection, Mitigation, and Disposition
SAE AS6081	Fraudulent/Counterfeit Parts: Avoidance, Detection, Mitigation, and Disposition - Distributors
SAE AS6171	Test Methods Standard; General Requirements, Suspect/Counterfeit Electrical, Electronic, and Electromechanical Parts
Other Reference Items
CASL	Category 2 List of Suppliers Category 3 List of Testers
ECIA	ECIA maintains a database (https://www.eciaauthorized.com/en) of verified authorized suppliers. The ECIA database is an alternative source for verifying authorized suppliers and shall be archived with purchase documentation.
ERAI	ERAI, Inc. is a global information services organization that monitors, investigates, and reports issues affecting the global electronics supply chain.
GIDEP	GIDEP is a cooperative activity between government and industry participants seeking to reduce or eliminate expenditures of resources by sharing technical information essential during research, design, development, production and operational phases of the life cycle of systems, facilities and equipment.
PMO Help Request and Email	Help Request Link Email:pmo@gtri.gatech.edu

Policy History

Revision Date	Author	Description
7/22/2021	GTRI PMO	Editorial Updates
09/15/2017	GTRI PMO	Transitioned to a GTRI internal memorandum for record
TBD		New Policy

Policy Library

Search

Counterfeit Electronic Part Detection and Avoidance

Georgia Institute of Technology