But whether the clause has been included in your contract, or not, the prohibition applies as it is based on a statutory authority that became effective last October (October 1, 2018).
So what's wrong with Kaspersky anti-virus software? The Department of Homeland Security (DHS) is of the opinion that Kaspersky software presents an information security risk because of Kaspersky's Russian connections. A report out of the University of Illinois College of Law provides these thoughts:
- Russian law outlines a legal obligation by Kaspersky to assist Russian FSB (their Federal Security Service) in the execution of their duties including counterintelligence and intelligence activity.
- Russian law also permits FSB personnel to be embedded in private enterprises
- Because Kaspersky qualifies as an organizer of the dissemination of information on the Internet, it is required to provide the FSB with metadata and is also required to provide Russian officials with decryption keys for its data transmissions.
- Under Russian law, Kaspersky is required to install equipment for the FSB to monitor data transmissions.
Back in September, we reported on these pages a couple articles stating that many contractors are unprepared for October 1st 2018 deadline. In some cases, contractors are not even aware that Kaspersky is running on their networks because it came pre-installed with unrelated software. In other cases, contractors have attempted to remove Kaspersky but missed some instances because complete removal is more complicated that simply uninstalling the program. There is even a concern that some contractors don't believe the ban applies to them, when it most certainly does. It applies to subcontractors too.
In the event a contractor finds that it has violated this prohibition, it is required to notify the contracting officer within one day along with its mitigation actions and must submit a full report within 10 days. This is how serious the Government is taking the prohibition.