StacksVerified U.S. regulatory reference

48 CFR §1212.301

Verified against eCFR.gov as of June 20, 2026View official text on eCFR.gov
  1. (f)The following DOT provisions and clauses are authorized for use in acquisitions of commercial products or commercial services when required by the individual provision or clause prescription:
    1. (1)1252.201-70, Contracting Officer's Representative.
    2. (2)1252.204-70, Contractor Personnel Security and Agency Access.
    3. (3)1252.209-70, Organizational and Consultant Conflicts of Interest.
    4. (4)1252.209-71, Limitation of Future Contracting.
    5. (5)1252.211-70, Index for Specifications.
    6. (6)1252.216-70, Evaluation of Offers Subject to an Economic Price Adjustment Clause.
    7. (7)1252.216-71, Determination of Award Fee.
    8. (8)1252.216-72, Award Fee Plan.
    9. (9)1252.216-73, Distribution of Award Fee.
    10. (10)1252.216-74, Settlement of Letter Contract.
    11. (11)1252.222-70, Strikes or Picketing Affecting Timely Completion of the Contract Work.
    12. (12)1252.222-71, Strikes or Picketing Affecting Access to a DOT Facility.
    13. (13)1252.223-70, Removal or Disposal of Hazardous Substances—Applicable Licenses and Permits.
    14. (14)1252.223-71, Accident and Fire Reporting.
    15. (15)1252.223-73, Seat Belt Use Policies and Programs.
    16. (16)1252.232-70, Electronic Submission of Payment Requests.
    17. (17)1252.237-70, Qualifications of Contractor Employees.
    18. (18)1252.237-71, Certification of Data.
    19. (19)1252.237-72, Prohibition on Advertising.
    20. (20)1252.237-73, Key Personnel.
    21. (21)1252.239-70, Security Requirements for Unclassified Information Technology Resources.
    22. (22)1252.239-71, Information Technology Security Plan and Accreditation.
    23. (23)1252.239-72, Compliance with Safeguarding DOT Sensitive Data Controls.
    24. (24)1252.239-73, Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information.
    25. (25)1252.239-74, Safeguarding DOT Sensitive Data and Cyber Incident Reporting.
    26. (26)1252.239-75, DOT Protection of Information About Individuals, PII, and Privacy Risk Management Requirements.
    27. (27)1252.239-76, Cloud Computing Services.
    28. (28)1252.239-77, Data Jurisdiction.
    29. (29)1252.239-78, Validated Cryptography for Secure Communications.
    30. (30)1252.239-79, Authentication, Data Integrity, and Non-Repudiation.
    31. (31)1252.239-80, Audit Record Retention for Cloud Service Providers.
    32. (32)1252.239-81, Cloud Identification and Authentication (Organizational Users) Multi-Factor Authentication.
    33. (33)1252.239-82, Identification and Authentication (Non-Organizational Users).
    34. (34)1252.239-83, Incident Reporting Timeframes.
    35. (35)1252.239-84, Media Transport.
    36. (36)1252.239-85, Personnel Screening—Background Investigations.
    37. (37)1252.239-86, Boundary Protection—Trusted Internet Connections.
    38. (38)1252.239-87, Protection of Information at Rest.
    39. (39)1252.239-88, Security Alerts, Advisories, and Directives.
    40. (40)1252.239-89, Technology Modernization.
    41. (41)1252.239-90, Technology Upgrades/Refreshment.
    42. (42)1252.239-91, Records Management.
    43. (43)1252.239-92, Information and Communication Technology Accessibility Notice.
    44. (44)1252.239-93, Information and Communication Technology Accessibility.
    45. (45)1252.242-70, Dissemination of Information—Educational Institutions.
    46. (46)1252.242-71, Contractor Testimony.
    47. (47)1252.242-72, Dissemination of Contract Information.