Management of Cyber-Supply Chain Risks. The Government may perform a cyber-supply chain risk assessment of the awarded Contractor at any time during the period of performance. The Government may review any information provided by the Contractor to the Government as part of this contract action, along with any other information available to the Government from any other source, to assess the cyber-supply chain risk associated with the Contractor. The Government may monitor the following cyber-supply chain risk information, including, but not limited to:
1. Functionality and features of awarded products and services, including access to data and information system privileges;
2. The ability of a source to produce and deliver products and services as expected;
3. Foreign control of, or influence over, a source, product or service (e.g., foreign ownership, personal and professional ties between a source and any foreign entity, legal regime of any foreign country in which a source is headquartered or conducts operations);
