FAR 4.2004—Contract clause.
Plain-English Summary
FAR 4.2004 is a mandatory prescription for using a specific contract clause that implements the government’s prohibition on acquiring certain hardware, software, and services associated with Kaspersky Lab covered entities. In practical terms, it tells contracting officers that the clause at FAR 52.204-23 must be included in every solicitation and every contract, without exception based on dollar value, contract type, or competition method unless another FAR provision specifically overrides it. The section is narrow but important: it is not itself the substantive prohibition, but the instruction to insert the clause that carries the prohibition into the procurement instrument. For contractors, this means the restriction is embedded in the solicitation and contract from the outset, so they must review their supply chain, software, and service offerings for any Kaspersky-related content or origin issues before bidding or performance. For agencies, it ensures uniform implementation of the government-wide restriction and reduces the risk of inadvertently awarding work that includes prohibited products or services. In practice, this section matters because failure to include the clause can create compliance, performance, and enforcement problems later in the acquisition lifecycle.
Key Rules
Insert the required clause
The contracting officer must include FAR 52.204-23, Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities, in all solicitations and contracts. This is a mandatory prescription, not a discretionary one.
Applies to all solicitations
The clause must be placed in every solicitation, so offerors are on notice before award that the restriction applies. This helps prevent proposals based on prohibited products or services.
Applies to all contracts
The clause must also be included in every contract, ensuring the restriction remains enforceable during performance. The requirement is not limited to a particular contract type or procurement method.
Implements a Kaspersky-related prohibition
The clause addresses hardware, software, and services developed or provided by Kaspersky Lab covered entities. The section itself does not define the full scope of the prohibition, but it requires use of the clause that does.
Responsibilities
Contracting Officer
Insert FAR 52.204-23 into every solicitation and every contract covered by this prescription. Ensure the clause is present before issuance and award so the restriction is properly incorporated.
Agency
Support consistent implementation of the clause across procurements and ensure acquisition personnel understand that the clause is mandatory. Maintain acquisition procedures and templates that include the clause where required.
Contractor
Review proposed and existing hardware, software, and services for any Kaspersky Lab covered entity involvement and ensure compliance with the clause once incorporated. Avoid offering or performing with prohibited items or services.
Offeror
Evaluate the solicitation requirements before submitting a proposal and confirm that the offer does not rely on prohibited Kaspersky-related hardware, software, or services. Raise questions early if there is any uncertainty about compliance.
Practical Implications
Contracting officers should treat this as a required clause insertion, not a judgment call; omission can create a compliance defect in the solicitation or contract.
Contractors should screen their products, subcontractors, and service providers early, because Kaspersky-related issues can affect both proposal acceptability and contract performance.
Because the clause must appear in both solicitations and contracts, it should be built into templates and checklists to avoid accidental omission.
A common pitfall is assuming the restriction only matters for IT buys; the prescription says "all solicitations and contracts," so acquisition teams should not narrow it on their own.
If a procurement involves software, cybersecurity tools, managed services, or embedded technology, the clause deserves especially careful review to avoid downstream performance problems or corrective action.
Official Regulatory Text
The contracting officer shall insert the clause at 52.204-23 , Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities, in all solicitations and contracts.