A community resource for the acquisition workforce not a .gov website
part52.dev Federal Acquisition Clause Monitor
FAR Clause ACTIVE

52.204-23

Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities.
View on acquisition.gov · View on eCFR.gov
Effective Date
DEC 2023
Active Deviations
1
Versions
3 (since 2021-11-04)
RFO
RFO Removes This Clause

The Revolutionary FAR Overhaul marks this clause as [Reserved]. The clause content below is as it appears in the most recent eCFR data, which has not yet incorporated the RFO. For contracts using the RFO model, this clause is removed.

View RFO reservation
DEV
This clause is modified by 1 active class deviation
  • 2023-O0008 — Class Deviation 2023-O0008 – Commercial Products and Commercial Services Omnibus Clause for Acquisitions Using the Procurement Desktop-Defense System
View per-deviation details → 
52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities.

As prescribed in 4.2004, insert the following clause:

Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities (DEC 2023)

(a)
Definitions.
As used in this clause—

Kaspersky Lab covered article
means any hardware, software, or service that—

(1) Is developed or provided by a Kaspersky Lab covered entity;

(2) Includes any hardware, software, or service developed or provided in whole or in part by a Kaspersky Lab covered entity; or

(3) Contains components using any hardware or software developed in whole or in part by a Kaspersky Lab covered entity.

Kaspersky Lab covered entity
means—

(1) Kaspersky Lab;

(2) Any successor entity to Kaspersky Lab, including any change in name,
e.g.,
"Kaspersky";

(3) Any entity that controls, is controlled by, or is under common control with Kaspersky Lab; or

(4) Any entity of which Kaspersky Lab has a majority ownership.

(b)
Prohibition.
Section 1634 of Division A of the National Defense Authorization Act for Fiscal Year 2018 (Pub. L. 115-91) prohibits Government use of any Kaspersky Lab covered article. The Contractor is prohibited from—

(1) Providing any Kaspersky Lab covered article that the Government will use on or after October 1, 2018; and

(2) Using any Kaspersky Lab covered article on or after October 1, 2018, in the development of data or deliverables first produced in the performance of the contract.

(c)
Reporting requirement.
(1) In the event the Contractor identifies a Kaspersky Lab covered article provided to the Government during contract performance, or the Contractor is notified of such by a subcontractor at any tier or any other source, the Contractor shall report, in writing, to the Contracting Officer or, in the case of the Department of Defense, to the website at
https://dibnet.dod.mil.
For indefinite delivery contracts, the Contractor shall report to the Contracting Officer for the indefinite delivery contract and the Contracting Officer(s) for any affected order or, in the case of the Department of Defense, identify both the indefinite delivery contract and any affected orders in the report provided at
https://dibnet.dod.mil.

(2) The Contractor shall report the following information pursuant to paragraph (c)(1) of this clause:

(i) Within 3 business days from the date of such identification or notification: The contract number; the order number(s), if applicable; supplier name; brand; model number (Original Equipment Manufacturer (OEM) number, manufacturer part number, or wholesaler number); item description; and any readily available information about mitigation actions undertaken or recommended.

(ii) Within 10 business days of submitting the report pursuant to paragraph (c)(1) of this clause: Any further available information about mitigation actions undertaken or recommended. In addition, the Contractor shall describe the efforts it undertook to prevent use or submission of a Kaspersky Lab covered article, any reasons that led to the use or submission of the Kaspersky Lab covered article, and any additional efforts that will be incorporated to prevent future use or submission of Kaspersky Lab covered articles.

(d)
Subcontracts.
The Contractor shall insert the substance of this clause, including this paragraph (d), in all subcontracts including subcontracts for the acquisition of commercial products or commercial services.

(End of clause)

[83 FR 28144, June 15, 2018, as amended at 86 FR 61032, Nov. 4, 2021; 88 FR 69513, Oct. 5, 2023]
4.2004
The contracting officer shall insert the clause at 52.204-23, Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities, in all solicitations and contracts.
Prescription data sourced from eCFR as of 2026-06-10 03:16 UTC. Cross-references within the prescription are not resolved automatically.

Regulatory Stack

The layers of regulation that govern this clause, from the FAR prescription through agency-specific supplements and any active deviations.

RFO RFO Version Overhauled clause text
The Revolutionary FAR Overhaul publishes a revised version of this clause. See the RFO Version tab for the controlling authority under the RFO model.

Search on acquisition.gov

FAR FAR Prescription 4.2004
The contracting officer shall insert the clause at 52.204-23, Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities, in all solicitations and contracts.

View on acquisition.gov · View on eCFR.gov

DEVIATION Active Class Deviations 1 deviation
2023-O0008: Class Deviation 2023-O0008 – Commercial Products and Commercial Services Omnibus Clause for Acquisitions Using the Procurement Desktop-Defense System

Version History

Version history is sourced from the codified eCFR. Changes published only as class deviations or by the Revolutionary FAR Overhaul do not appear here until they are incorporated into the eCFR. For RFO-driven changes see the RFO Version tab and any active deviations cited above.

3 versions tracked from 2021-11-04 to 2023-12-04.
DEC 2023 December 4, 2023 CURRENT SUBSTANTIVE
Removed in this version
Added in this version
Unchanged
OCT 2023 (previous)
DEC 2023 (current)
2 added
(a)
(a) Definitions. As used in this clause— Covered article means any hardware, software, or service that—
(a)
(a) Definitions. As used in this clause— Kaspersky Lab covered article means any hardware, software, or service that—
2 added
(1)
(1) Providing any covered article that the Government will use on or after October 1, 2018; and
(1)
(1) Providing any Kaspersky Lab covered article that the Government will use on or after October 1, 2018; and
2 added
(b)
L. 115-91) prohibits Government use of any covered article. The Contractor is prohibited from—
(b)
L. 115-91) prohibits Government use of any Kaspersky Lab covered article. The Contractor is prohibited from—
2 added
(c)
(c) Reporting requirement. (1) In the event the Contractor identifies a covered article provided to the Government during contract performance, or the Contractor is notified of such by a subcontractor at any tier or any other source, the Contractor shall report, in writing, to the Contracting Officer or, in the case of the Department of Defense, to the website at https://dibnet.dod.mil. For indefinite delivery contracts, the Contractor shall report to the Contracting Officer for the indefinite delivery contract and the Contracting Officer(s) for any affected order or, in the case of the Department of Defense, identify both the indefinite delivery contract and any affected orders in the report provided at https://dibnet.dod.mil.
(c)
(c) Reporting requirement. (1) In the event the Contractor identifies a Kaspersky Lab covered article provided to the Government during contract performance, or the Contractor is notified of such by a subcontractor at any tier or any other source, the Contractor shall report, in writing, to the Contracting Officer or, in the case of the Department of Defense, to the website at https://dibnet.dod.mil. For indefinite delivery contracts, the Contractor shall report to the Contracting Officer for the indefinite delivery contract and the Contracting Officer(s) for any affected order or, in the case of the Department of Defense, identify both the indefinite delivery contract and any affected orders in the report provided at https://dibnet.dod.mil.
2 added, 2 removed
(i)
(i) Within 1 business day from the date of such identification or notification: The contract number; the order number(s), if applicable; supplier name; brand; model number (Original Equipment Manufacturer (OEM) number, manufacturer part number, or wholesaler number); item description; and any readily available information about mitigation actions undertaken or recommended.
(i)
(i) Within 3 business days from the date of such identification or notification: The contract number; the order number(s), if applicable; supplier name; brand; model number (Original Equipment Manufacturer (OEM) number, manufacturer part number, or wholesaler number); item description; and any readily available information about mitigation actions undertaken or recommended.
6 added
(ii)
(ii) Within 10 business days of submitting the report pursuant to paragraph (c)(1) of this clause: Any further available information about mitigation actions undertaken or recommended. In addition, the Contractor shall describe the efforts it undertook to prevent use or submission of a covered article, any reasons that led to the use or submission of the covered article, and any additional efforts that will be incorporated to prevent future use or submission of covered articles.
(ii)
(ii) Within 10 business days of submitting the report pursuant to paragraph (c)(1) of this clause: Any further available information about mitigation actions undertaken or recommended. In addition, the Contractor shall describe the efforts it undertook to prevent use or submission of a Kaspersky Lab covered article, any reasons that led to the use or submission of the Kaspersky Lab covered article, and any additional efforts that will be incorporated to prevent future use or submission of Kaspersky Lab covered articles.
OCT 2023 October 5, 2023 SUBSTANTIVE
Removed in this version
Added in this version
Unchanged
NOV 2021 (previous)
OCT 2023 (current)
5 added, 2 removed
(d)
(d) Subcontracts. The Contractor shall insert the substance of this clause, including this paragraph (d), in all subcontracts, including subcontracts for the acquisition of commercial items. (End of clause)
(d)
(d) Subcontracts. The Contractor shall insert the substance of this clause, including this paragraph (d), in all subcontracts including subcontracts for the acquisition of commercial products or commercial services. (End of clause)
NOV 2021 November 4, 2021 SUBSTANTIVE
Earliest version available from the eCFR

RFO Version

Comparison of the codified eCFR text against the Revolutionary FAR Overhaul revision. Highlights show additions (green) and deletions (red, struck through).

Clause Text

RFO marks this clause as Reserved. The Revolutionary FAR Overhaul removed this clause under the overhauled FAR model. The eCFR text on the Current Text tab remains in force for contracts not using the RFO model.

Prescription

RFO prescription not available. See the eCFR prescription on the Prescription tab.

Source: acquisition.gov RFO Part 52

Active Class Deviations

2023-O0008
Class Deviation 2023-O0008 – Commercial Products and Commercial Services Omnibus Clause for Acquisitions Using the Procurement Desktop-Defense System Modify clause 52.204-23
MODIFIED

Related Clauses

Referenced by

52.212-5 52.213-4 52.244-6
Use with AI assistant
Copy a link and prompt for use with Gemini or another AI assistant.