Skip Navigation

Email Updates E-mail subscriptions envelope Font Size Reduce Text Size Enlarge Text Size     Print Print     Download Reader PDF

HHS Home > OCIO Home > Policy

OCIO Home

About the OCIO

Enterprise Architecture

Policy

Capital Planning & Budget

Enterprise Performance Life Cycle

Resource Management

IT Security & Privacy

Records Management

Information Collection / Paperwork Reduction Act

IT Infrastructure and Operations

HHSD IT PMO

Enterprise Applications Development

E-Government & President's Management Agenda

Plans & Reports

OCIO Site Map

ASA Home

Purchasing Noncommercial Computer Software

DATE:               January 11, 2012

 

TO:                     Operating and Staff Division Executive Officers

                           Heads of Contracting Activity

 

FROM:                           /s/           

                           John Teeter, HHS Chief Information Officer (Acting)

                          

                                       /s/           

                           Angela Billups, Ph.D., Senior Procurement Executive

 

SUBJECT:         Guidance for Purchasing Noncommercial Computer Software and “Open Source” Licenses

 

The Office of the Chief Information Officer (OCIO) and Health and Human Services Domain IT Program Management Office (HHSD IT PMO) has identified the need for consistent open source language in IT acquisitions where appropriate. This memorandum is intended to provide guidance on the appropriate Federal Acquisition Regulation (FAR) provisions, clauses, and additional language that should be included in solicitations and the resulting contracts for noncommercial computer software and “open source” licenses. This language was presented to the Health and Human Services Domain IT Steering Committee at their inaugural meeting and should be distributed throughout the acquisition community; including Contracting Officer’s Representatives and project and program managers.

 

Background

HHS has occasionally faced issues surrounding the release of software developed by contractors using HHS resources. These issues have stemmed primarily from either missing or inadequate contract language regarding government rights. Often, the issue has not been discovered until the contract is nearing completion or at a critical development/production stage when decisions need to be made regarding potential use of licenses, reuse of system components, distribution of software or code, or other operational needs.

Business owners/project managers must determine the full intent of what the government wants to do with software that is developed on its behalf (e.g., own, distribute, reproduce software code) or the concerns surrounding reuse of software licenses as part of acquisition planning. The business owner/project manager must then provide the necessary information clearly identifying the government’s legal intent concerning ownership to the supporting acquisition team and Contracting Officer (CO). In turn, the acquisition team and CO will consult with the FAR to ensure that the appropriate FAR provisions and clauses (including, but not limited to, 52.227-14 Rights in Data -- General or 52.227-17 Rights in Data -- Special Works) are used to convey the government’s intent to maintain ownership rights. To the extent that the Government intends to enter into a contract with a contractor to produce software that the agency intends to make available to the public via an open source license, notice of such intent on the government’s part should be clearly set forth in the solicitation, as well as the resultant contract. 

Proposal

In most cases the government’s objective, when purchasing noncommercial computer software, is to distribute the software to the public under an “open source” license.  Such licenses can take many forms, but they typically allow the end-user to freely use the software, make improvements and even commercialize those improvements.   The open source license is distributed with the software, and the simultaneous distribution of the license with the software is often the only requirement of the license.  In order to affect the open source license, the government must retain an ownership interest in the software copyright.  It is therefore important to include the appropriate FAR provisions and clauses in the solicitation and contract.  The Rights in Data -- General (52.227-14) or the Rights in Data -- Special Works (52.227-17) clause should be included in solicitations and contracts for the procurement of software that the government may want to distribute to the public.  Generally, the contract should contain only one data rights clause.  However, where more than one is needed, the contract should distinguish the portion of contract performance to which each pertains.  The inclusion of the appropriate clause in the solicitation and contract provides the government with “unlimited rights” (a FAR-defined term) to the software.  These rights are adequate for the government to distribute the software under a typical open source license.  If HHS anticipates that it will be important to later enforce the terms of the open source license, it should assure that it obtains an assignment of copyright from the contractor.  Appropriate use of the FAR provisions and clauses in conjunction with the attached additional language will be sufficient for the CO to require the execution of a copyright assignment at government discretion.

 

Action

The attached guidance should be used to: (a) help program and project managers make sound decisions in protecting the government’s rights to distribute software and (b) provide supporting language to the acquisition team and CO. The guidance states the appropriate section of the solicitation and resulting contract for inserting the language.  Please feel free to contact Dr. Theresa Cullen (theresa.cullen@hhs.gov), 202-619-2493, if you have concerns regarding this guidance. 

Attachment: Noncommercial Computer Software Contract Language

Noncommercial Computer Software Contract Language

Background Information.

FAR part 52.227-14 (“Rights in Data -- General”) or 52.227-17 (“Rights in Data -- Special Works”) should be referenced in every contract for the procurement of noncommercial computer software.  These provisions are mutually exclusive--use only one or the other.  However, in rare cases when more than one is needed, the solicitation and contract should distinguish the portion of contract performance to which each pertains.  When using 52.227-14, Alternative IV should be used only if the government has no interest in retaining the ability to distribute the software to the public--the government’s “use” license in that case expressly prohibits such distribution. 

 

The 52.227-14 provision provides the government with unlimited rights in computer software, including source code, made under the contract.  But it also allows the contractor to freely use it and distribute it to the public. 

 

If the government wants to be able to use or distribute the computer software, it is imperative that the computer software, including the source code if it is required by the procuring program, be included as a deliverable.

 

The 52.227-17 provision should be used when the government wants to have absolute control over the use and distribution of the software.  It provides the government with all rights in computer software made under the contract, and prohibits the contractor from using or distributing the computer software without the permission of the Contracting Officer.

 

As noted above, the two FAR provisions are mutually exclusive, except in rare cases where more than one is necessary, the contract should distinguish the portion of contract performance to which it pertains.  Therefore, the Contracting Officer should include only one of the clauses in the solicitation and resulting contract.

 

Noncommercial computer software means software that does not qualify as commercial in nature (e.g., commercial off the shelf (COTS) products). The following language should be used as appropriate in noncommercial computer software contracts. Each section includes an instruction providing where the information should be included in the contract.

 

General. {Insert in Section C, Statement of Work}

The Contractor shall ensure that computer software operated on behalf of the Government is fully functional and operates correctly on systems configured in accordance with government policy regarding configuration requirements. The Contractor shall test applicable products and versions with all relevant and current updates and patches updated prior to installing in the government environment.

 

 “Computer software” means:

  1. Computer programs that comprise a series of instructions, rules, routines, or statements, regardless of the media in which recorded that allow or cause a computer to perform a specific operation or series of operations; and
  2. Recorded information comprising source code listings, design details, algorithms, processes, flow charts, formulas, and related material that would enable the computer program to be produced, created, or compiled.

General Security Requirements. {Insert in Section C, Statement of Work}

IT security requirements must be incorporated into all phases of program planning and execution, from budgeting to close-out and the implementation of those requirements should align with the HHS Enterprise Performance Life Cycle (EPLC). The Contractor shall comply with security requirements, EPLC processes, and Enterprise Architecture, to ensure proper and confidential handling of data and information. 

 

The Contractor shall refer to the HHS-OCIO Policy for Information Systems Security and Privacy, dated July 7, 2011. The Contractor shall become familiar with the HHS Departmental Information Security Policies, which may be found at http://www.hhs.gov/ocio/policy/. The HHS Cybersecurity Program develops policies, procedures, and guidance to serve as a foundation for the HHS information security program.  These documents implement relevant Federal laws, regulations, standards, and guidelines that provide a basis for the information security program at the Department. The Contractor must become familiar with HHS Cybersecurity Program guidelines as presented at http://www.hhs.gov/ocio/policy/index.html#Security

 

Contractors must follow and adhere to National Institute of Standards and Technology (NIST) Special Publication (SP) 800-64 Security Considerations in the System Development Life Cycle http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdf, at a minimum, for system development. This requirement may include providing system documentation at designated intervals within the EPLC that require artifact review.

 

Unauthorized Disclosure. {Insert in Section C, Statement of Work}

The Contractor shall protect information that is deemed sensitive from unauthorized disclosure to persons, organizations or subcontractors who do not have a need to know the information.  Information which, either alone or in aggregate, is deemed sensitive or proprietary by the Government shall be protected as instructed in accordance with the magnitude of the loss or harm that could result from inadvertent or deliberate disclosure, alteration, or destruction of the data.  This language also applies to all subcontractors that are performing under this contract.

 

Unlimited Rights. {Insert in Section H, Special Contract Requirements}

“Unlimited Rights” means the rights of the Government to use, disclose, reproduce, prepare derivative works, distribute copies to the public, and perform publicly and display publicly, in any manner and for any purpose, and to have or permit others to do so.

 

The Government shall have unlimited rights in:

  1. Computer software developed exclusively with Government funds;
  2. Computer software documentation required to be delivered under a Government contract;
  3. Corrections or changes to computer software or computer software documentation furnished to the contractor by the Government;
  4. Computer software or computer software documentation that is otherwise publicly available or has been released or disclosed by the contractor or subcontractor without restrictions on further use, release or disclosure other than a release or disclosure resulting from the sale, transfer, or other assignment of interest in the software to another party or the sale or transfer of some or all of a business entity or its assets to another party;
  5. Computer software or computer software documentation obtained with unlimited rights under another Government contract or as a result of negotiations; or
  6. Computer software or computer software documentation furnished to the Government, under a Government contract or subcontract with—

 

(i)  Restricted rights in computer software, limited rights in technical data, or government purpose license rights and the restrictive conditions have expired; or

 

(ii)  Government purpose rights and the contractor's exclusive right to use such software or documentation for commercial purposes has expired.

Government Purpose Rights. {Insert in Section H, Special Contract Requirements}

“Government purpose rights” means the rights to—

  1. Use, modify, reproduce, release, perform, display, or disclose computer software or computer software documentation within the Government without restriction; and
  2. Release or disclose computer software or computer software documentation outside the Government and authorize persons to whom release or disclosure has been made to use, modify, reproduce, release, perform, display, or disclose the software or documentation for United States government purposes.

 

The Government shall have government purpose rights in software developed with mixed funding.  No such software will be used under the contract without the express written permission of the Contracting Officer.  The period during which government purpose rights are effective is negotiable.

 

Restricted Rights. {Insert in Section H, Special Contract Requirements}

“Restricted rights” means the Government's rights to—

(i)  Use a computer program with one computer at one time.  The program may not be accessed by more than one terminal or central processing unit or time shared unless otherwise permitted by this contract;

 

(ii) Transfer a computer program to another Government agency without the further permission of the Contractor if the transferor destroys all copies of the program and related computer software documentation in its possession and notifies the licensor of the transfer.  Transferred programs remain subject to the provisions of this clause;

 

  1. Make the minimum number of copies of the computer software required for safekeeping (archive), backup, or modification purposes;

 

The Government obtains restricted rights in noncommercial computer software, required to be delivered or otherwise provided to the Government under a contract, which was developed exclusively at private expense and established with a limited rights legend describing the limitation(s) and created at the expense of the Contractor and not specified within the Statement of Work or performance evaluating factor.  No such software will be used under the contract without the express written permission of the Contracting Officer. 

 

If the Government desires to obtain additional rights in software in which it has restricted rights, the Contractor agrees to promptly enter into negotiations with the Contracting Officer to determine whether there are acceptable terms for transferring such rights. All data in which the Contractor has granted the Government additional rights shall be listed or described in a license agreement made part of the contract.

 

Third party copyrighted data. {Insert in Section H, Special Contract Requirements}

The Contractor shall not, without the written approval of the Contracting Officer, incorporate any copyrighted data in the data to be delivered under this contract unless the Contractor is the copyright owner or has obtained for the Government the license rights necessary to perfect a license or licenses in the deliverable data within the defined scope of work.

HHS Home | HHS/Open | Contacting HHS | Accessibility | Privacy Policy | FOIA | Disclaimers | Plain Writing Act | No FEAR Act | Viewers & Players
The White House | USA.gov | Inspector General | Recovery Act | PaymentAccuracy.gov | HHS Archive | Environmental Justice

U.S. Department of Health & Human Services - 200 Independence Avenue, S.W. - Washington, D.C. 20201