Counterfeit Parts Prevention for Government Contractors

Counterfeit parts are unauthorized copies, clones, or recycled components misrepresented as genuine. They threaten mission readiness, safety, and national security.

Why counterfeit parts are a major concern:

• Safety risk: Parts may fail catastrophically in aircraft, weapons, or critical systems
• Performance degradation: Counterfeit components often have inferior specifications
• Cybersecurity threat: Malicious modifications or backdoors in electronics
• Supply chain integrity: Undermines trust and reliability
• Financial impact: Rework, recalls, warranty claims, contract penalties

Types of counterfeit parts:

• Recycled/remarked: Used parts cleaned, remarked, and sold as new
• Overproduced: Unauthorized additional production runs
• Out-of-spec: Parts that failed quality tests, then remarked
• Cloned: Unauthorized copies of genuine designs
• Forged documentation: Fake certifications, test reports, traceability
• Tampered: Genuine parts altered (date codes, grades, ratings)

High-risk categories:

• Electronic components (ICs, semiconductors, microprocessors)
• Obsolete or hard-to-find parts
• High-demand, expensive components
• Parts sourced through independent distributors or brokers
• Commercial off-the-shelf (COTS) items

Counterfeit entry points:

• Gray market and independent distributors
• Internet and e-commerce sales
• Overseas manufacturers and suppliers
• Unauthorized subcontractors
• Surplus and excess inventory resellers

DFARS 252.246-7007 and 252.246-7008:

Defense contractors must implement counterfeit prevention systems and controls.

DFARS 252.246-7007 — Contractor Counterfeit Electronic Part Detection and Avoidance System:

Applies to contractors supplying electronic parts or assemblies to DoD. Requires:

• Establish and maintain counterfeit electronic part detection and avoidance system
• Detect and avoid use, purchase, or inclusion of counterfeit or suspect counterfeit parts
• System must meet industry-recognized standards (e.g., AS6171, AS6496)
• Flow down to subcontractors at all tiers

Key definitions:

• Counterfeit electronic part: Unlawful or unauthorized reproduction, substitution, or alteration that has been misidentified or misrepresented
• Suspect counterfeit: Part with credible evidence it is counterfeit
• Electronic part: Integrated circuit, discrete electronic component, or assembly

DFARS 252.246-7008 — Sources of Electronic Parts:

Establishes sourcing hierarchy to minimize counterfeit risk:

1. Original Component Manufacturer (OCM) or OCM-authorized distributor
2. Contractors with counterfeit detection systems (AS6171, AS6496 compliant)
3. Independent distributors — only if (1) and (2) unavailable, with additional counterfeit risk mitigation

Sourcing from independent distributors:

If using non-authorized sources, contractor must:

• Conduct inspection, testing, and authentication
• Maintain records of authenticity determinations
• Make records available to government upon request

Reporting requirement:

• Report suspected counterfeit parts to:
• Government-Industry Data Exchange Program (GIDEP)
• Contracting Officer
• Within 60 days of discovery

Contractor liability:

• Contractor responsible for costs of counterfeit or suspect counterfeit parts and rework
• Unless counterfeit part was provided by government as Government Furnished Property (GFP)

AS6171 — Test Methods Standard: Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition:

Defines test methods and procedures for authenticating electronic parts:

• Visual inspection (marking, leads, package)
• X-ray inspection (internal construction, die attach)
• Destructive physical analysis (DPA)
• Electrical testing (parametric, functional)
• Material analysis (XRF, FTIR, SEM/EDS)
• Solderability and thermal cycling

AS6496 — Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition – Distributors:

Establishes requirements for independent distributors and test laboratories:

• Establish counterfeit parts avoidance program
• Qualify and monitor suppliers
• Implement receiving inspection and testing
• Maintain traceability and documentation
• Report suspect counterfeit to GIDEP
• Third-party certification available (IDEA, ERAI)

AS5553 — Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition:

Broader standard covering counterfeit avoidance programs for organizations:

• Management policies and procedures
• Training and awareness
• Supplier qualification and approved supplier lists
• Parts procurement controls
• Inspection and testing requirements
• Reporting and disposition

AS6081 — Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition – Plastic Encapsulated Microcircuits:

Specialized standard for plastic-encapsulated parts (largest counterfeit risk category):

• X-ray and decapsulation techniques
• Die and bond wire inspection
• Blacktopping detection (remarked ICs)

Implementing AS6171/AS6496 compliant system:

1. Adopt applicable SAE aerospace standards
2. Develop written counterfeit prevention plan
3. Establish supplier qualification and ASL
4. Define inspection and testing protocols
5. Train procurement and quality personnel
6. Implement traceability and documentation requirements
7. Establish GIDEP reporting procedures

Supplier risk assessment:

Evaluate suppliers based on counterfeit risk factors:

• Source type: OCM, authorized distributor, independent distributor, broker
• Certification: AS6496, IDEA-ICE-3000, ISO 9001, AS9100
• Track record: Past performance, quality history, counterfeit incidents
• Traceability: Ability to trace to OCM
• Quality systems: Inspection, testing, storage capabilities

Approved Supplier List (ASL):

• Maintain list of qualified, low-risk suppliers
• Prioritize OCMs and authorized distributors
• Qualify independent distributors meeting AS6496 or equivalent
• Periodically re-evaluate and audit ASL suppliers
• Require procurement from ASL for critical/high-risk parts

OCM and authorized distributor verification:

• Confirm authorization status directly with OCM
• Check OCM websites for authorized distributor lists
• Maintain evidence of authorization (letters, certificates)
• Beware of counterfeit authorization documents

Independent distributor qualification:

If using independent distributors, verify:

• AS6496 or IDEA-ICE-3000 certification
• Counterfeit prevention program documentation
• Inspection and testing capabilities
• GIDEP membership and reporting
• Traceability to OCM (certificates of conformance, datasheets)

Procurement controls:

• Purchase orders specify sourcing requirements (OCM, authorized distributor)
• Include counterfeit prevention flow-down clauses
• Require traceability documentation (C of C, test reports)
• Prohibit use of remarked, reclaimed, or refurbished parts without disclosure and approval
• Require parts be shipped in OCM packaging when possible

Supplier audits:

• Conduct on-site audits of high-risk suppliers
• Verify counterfeit prevention controls
• Inspect storage and handling facilities
• Review inspection/testing records
• Document findings and corrective actions

Receiving inspection protocol:

1. Visual inspection:
   • Markings: font, spacing, alignment, legibility
   • Date codes: format, consistency, age vs. claimed new parts
   • Packaging: OCM-consistent labels, seals, moisture barrier bags
   • Lead finish: oxidation, damage, re-tinning evidence
   • Uniformity: compare parts within lot for consistency
2. Documentation review:
   • Certificates of conformance (match part numbers, date codes)
   • Test reports (verify authenticity, contact lab if questionable)
   • Traceability to OCM (invoices, packing slips)
3. Advanced inspection (for high-risk parts):
   • X-ray inspection (internal bond wires, die attach, package integrity)
   • Electrical testing (parametric, functional per datasheet)
   • Material analysis (XRF for lead finish, decapsulation for die inspection)
   • Acetone test (check for blacktopping/remarking)

Red flags indicating suspect counterfeit:

• Inconsistent or irregular markings
• Sanding, polishing, or remarking evidence
• Mismatched date codes within a lot
• Parts older than expected for "new" stock
• Non-standard packaging or labeling
• Damaged, oxidized, or non-uniform leads
• Parts offered at prices significantly below market
• Supplier unable to provide OCM traceability

Test methods summary (AS6171):

Test	Purpose	Equipment
External visual	Detect remarking, package anomalies	Microscope, calipers
X-ray	Verify internal construction, die, bond wires	X-ray inspection system
Decapsulation	Visual inspection of die and internal features	Acid/plasma etch, microscope
XRF	Analyze material composition (lead finish, die)	X-ray fluorescence analyzer
Acetone test	Detect blacktopping (remarked ICs)	Acetone, cotton swabs
Electrical test	Verify functionality and parametrics	ATE, curve tracer, datasheet specs

Using third-party test labs:

• Engage accredited labs for advanced testing (AS6171 compliant)
• Provide clear test scope and criteria
• Review test reports for thoroughness and conclusions
• Common labs: Creative Electron, ERAI, GIDEP member labs

Sampling strategy:

• 100% visual inspection of high-risk parts
• Sample-based advanced testing (typically 5-10% of lot)
• Increase sampling for new suppliers or suspect lots
• Risk-based approach (critical parts, expensive parts, obsolete parts)

GIDEP reporting requirement:

Contractors must report suspect counterfeit parts to the Government-Industry Data Exchange Program (GIDEP):

• Within 60 days of discovery
• Submit via GIDEP online portal (www.gidep.org)
• Include detailed description, photos, test results
• Identify supplier and part number

GIDEP membership:

• Free to government and defense contractors
• Access to counterfeit alerts and database
• Participate in information sharing
• Register at www.gidep.org

What to report:

• Confirmed counterfeit parts (after testing/analysis)
• Suspect counterfeit (credible evidence, pending confirmation)
• Include photos of markings, packaging, internal features
• Test reports and findings
• Source information (supplier, date purchased)

Notification to contracting officer:

• Inform CO of suspect or confirmed counterfeit within 60 days
• Describe impact to contract performance
• Outline corrective actions and replacement plan
• Provide GIDEP report reference number

Disposition of counterfeit parts:

• Quarantine: Immediately segregate suspect parts to prevent use
• Mark: Clearly identify as suspect or confirmed counterfeit
• Testing: Conduct or arrange testing to confirm counterfeit status
• Return to supplier: If feasible, return for credit or replacement
• Destruction: Physically destroy to prevent re-entry to supply chain (shredding, crushing)
• Documentation: Maintain records of disposition actions

Impact assessment:

• Identify all contracts, assemblies, and end items affected
• Assess risk to safety, performance, security
• Determine if fielded systems require retrofit or recall
• Notify government customers of potential impact

Corrective and preventive actions:

• Investigate root cause (supplier, process gap, control failure)
• Implement corrective actions to address immediate issue
• Preventive actions to avoid recurrence (ASL update, supplier termination, enhanced testing)
• Document lessons learned and update procedures

Cost recovery:

• Pursue recovery from supplier if counterfeit was delivered
• Contractual remedies (indemnification, warranty)
• Legal action if supplier knowingly provided counterfeit
• Report to law enforcement if fraud suspected

Program elements (aligned with AS5553):

1. Leadership and policy

• Management commitment and counterfeit prevention policy
• Designated program manager or responsible individual
• Resources and authority to implement controls

2. Risk assessment

• Identify high-risk parts (electronic, obsolete, COTS)
• Assess supplier and sourcing risks
• Prioritize controls based on risk

3. Supplier management

• Approved Supplier List (ASL)
• Supplier qualification and audits
• Procurement controls and flow-down requirements

4. Inspection and testing

• Receiving inspection procedures (visual, documentation review)
• Risk-based advanced testing (X-ray, electrical, material analysis)
• Third-party lab engagement for complex testing

5. Training and awareness

• Train procurement, engineering, quality personnel
• Counterfeit recognition and red flags
• DFARS and industry standard requirements

6. Reporting and disposition

• GIDEP reporting procedures
• CO notification process
• Quarantine, testing, and destruction protocols

7. Continuous improvement

• Monitor GIDEP alerts and industry trends
• Review and update procedures
• Lessons learned from counterfeit incidents

Documentation requirements:

• Counterfeit prevention plan or quality manual section
• Approved Supplier List and qualification records
• Inspection and test procedures
• Training records
• Supplier purchase orders with flow-down clauses
• Receiving inspection and test reports
• GIDEP reports and CO notifications
• Disposition records for suspect/confirmed counterfeits

Integration with quality management system:

• Align with AS9100, ISO 9001, or other QMS
• Include in supplier management and receiving inspection processes
• Internal audits of counterfeit controls
• Management review of counterfeit incidents and metrics

Metrics and KPIs:

• Number of suspect counterfeit parts detected
• Percentage of parts sourced from OCM/authorized distributors
• Supplier qualification and ASL coverage
• Inspection and testing completion rates
• GIDEP report timeliness