Reference Library
FAR & DFARS Clause Library
Plain-English explanations of FAR and DFARS clauses — with risk levels, compliance checklists, and flow-down rules. Built for government contractors who need answers fast.
20 clauses
- 252.204-7012DFARSCybersecurity
Safeguarding Covered Defense Information and Cyber Incident Reporting
Requires contractors to implement NIST SP 800-171 security controls to protect Covered Defense Information (CDI) processed on contractor information systems.
Critical Risk - 252.204-7019DFARSCybersecurity
Notice of NIST SP 800-171 DoD Assessment Requirements
Offerors must have a current (not older than 3 years) NIST SP 800-171 DoD Assessment on record in SPRS before contract award.
Critical Risk - 252.204-7020DFARSCybersecurity
NIST SP 800-171 DoD Assessment Requirements
Requires contractors to provide the Government access to facilities, systems, and personnel to conduct or verify NIST SP 800-171 assessments.
Critical Risk - 252.204-7021DFARSCybersecurity
Cybersecurity Maturity Model Certification Requirements
Requires contractor to maintain the CMMC level specified in the solicitation and have a current certification on record in SPRS.
Critical Risk - 52.239-2FARCybersecurity
Access to FedRAMP Security Assessment Framework
Cloud services must be FedRAMP authorized at the appropriate impact level (Low, Moderate, or High) prior to operation.
High Risk - Section 508FARAccessibility
Section 508 Accessibility Requirements
Electronic and information technology (EIT) developed, procured, or used must conform to Section 508 of the Rehabilitation Act.
High Risk - 52.219-8FARSmall Business
Utilization of Small Business Concerns
Requires contractors to maximize subcontracting opportunities for small business concerns.
Medium Risk - 52.219-9FARSmall Business
Small Business Subcontracting Plan
Prime contractors above the applicable threshold must submit a subcontracting plan with goals for small, small disadvantaged, women-owned, HUBZone, SDVOSB, and VOSB subcontracting.
High Risk - 52.222-41FARLabor
Service Contract Labor Standards
Service contracts above $2,500 must pay service employees at least the wage rates and fringe benefits determined by the Secretary of Labor in applicable Wage Determinations.
High Risk - 52.222-26FARLabor
Equal Opportunity
Prohibits discrimination against employees and applicants for employment based on race, color, religion, sex, sexual orientation, gender identity, or national origin.
Medium Risk - 52.203-13FAREthics
Contractor Code of Business Ethics and Conduct
Requires contractors with contracts over $6M exceeding 120 days to maintain a written code of ethics and have an ongoing awareness program and internal control system.
High Risk - 52.203-7FAREthics
Anti-Kickback Procedures
Requires prime contractors to have procedures to detect and prevent the payment or receipt of kickbacks in connection with subcontracts.
Medium Risk - 252.225-7048DFARSExport Control
Export-Controlled Items
Requires contractors to comply with all applicable export control laws and regulations including EAR (15 CFR 730-774) and ITAR (22 CFR 120-130).
High Risk - 252.227-7013DFARSIP / Data Rights
Rights in Technical Data—Noncommercial Items
Governs the Government's rights in technical data for noncommercial items.
High Risk - 252.227-7014DFARSIP / Data Rights
Rights in Noncommercial Computer Software
Governs the Government's rights in computer software and related documentation for noncommercial software developed under DoD contracts.
High Risk - 52.204-10FARReporting
Reporting Executive Compensation and First-Tier Subcontract Awards
Requires reporting of executive compensation and first-tier subcontract awards in the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS).
Medium Risk - 52.204-21FARCybersecurity
Basic Safeguarding of Covered Contractor Information Systems
Requires basic safeguarding of contractor information systems that process, store, or transmit Federal contract information (FCI).
Medium Risk - 52.215-2FARGeneral
Audit and Records—Negotiation
Requires contractor to maintain books, records, documents, and other evidence related to contract performance for 3 years after final contract payment and make them available for Government examination.
Medium Risk - 52.232-7FARGeneral
Payments under Time-and-Materials and Labor-Hour Contracts
Establishes the payment mechanism for T&M and labor-hour contracts including hourly rate ceilings, material allowances, and invoice requirements.
Low Risk - 252.239-7010DFARSCybersecurity
Cloud Computing Services
Sets requirements for cloud computing services used to perform DoD contracts, including data residency (US-only), FedRAMP requirements, and incident reporting.
High Risk