Milenial/Legal/Government / Federal Addendum
Milenial Legal

Government / Federal Addendum

Supplemental terms for federal government users, contractors, and subcontractors.

Updated 12/3/2025v1

Document ID: GA-2024-001-FED · Effective Date: December 3, 2025

Applicability: Applies to all U.S. federal government users, contractors, and subcontractors

1. Purpose and Scope

This Government/Federal Addendum ("Addendum") supplements the Milenial Compliance Platform Terms of Service and applies when the Platform is used in connection with U.S. federal government contracts, subcontracts, or procurement activities. This Addendum addresses specific requirements under the Federal Acquisition Regulation (FAR) and other applicable government regulations.

2. Federal Acquisition Regulation (FAR) Clauses

2.1 Standard FAR Clauses

The following FAR clauses are incorporated by reference:

  • FAR 52.204-21 — Basic Safeguarding of Covered Contractor Information Systems
  • FAR 52.204-25 — Prohibition on Contracting for Certain Telecommunications
  • FAR 52.219-8 — Utilization of Small Business Concerns
  • FAR 52.222-21 — Prohibition of Segregated Facilities
  • FAR 52.222-26 — Equal Opportunity
  • FAR 52.222-35 — Equal Opportunity for Veterans
  • FAR 52.222-36 — Equal Opportunity for Workers with Disabilities
  • FAR 52.222-50 — Combating Trafficking in Persons

2.2 Cybersecurity FAR Clauses

  • FAR 52.204-19 — Use of System for Award Management
  • FAR 52.204-23 — Prohibition on Kaspersky Lab Products
  • FAR 52.204-24 — Telecommunications Representation
  • DFARS 252.204-7012 — Safeguarding Covered Defense Information

3. Government Data Handling Requirements

3.1 Federal Data Classifications

The Platform supports:

  • Controlled Unclassified Information (CUI) — Enhanced security controls
  • For Official Use Only (FOUO)
  • Sensitive But Unclassified (SBU)
  • Public Information

3.2 Data Storage and Processing

  • Government data stored in FedRAMP-authorized cloud environments
  • Data maintained within U.S. geographic boundaries
  • Encryption meets FIPS 140-2/3 standards
  • Regular security assessments and continuous monitoring

4. DCAA Audit Rights Provisions

4.1 Audit Access

Pursuant to FAR 52.215-2, authorized government auditors shall have:

  • Right to Examine Records: Access to all books, records, documents, and supporting data
  • Period of Retention: Records retained for 3 years after final payment or longer if required
  • Audit Timing: Reasonable notice for audits during normal business hours

4.2 Specific Audit Provisions

  • Cost Accounting Standards (CAS): Compliance with CAS 401-420 if applicable
  • Timekeeping Systems: Electronic timekeeping with audit trails
  • Billing Systems: Transparent billing with detailed cost breakdowns
  • Subcontractor Flow-Down: Audit rights extend to subcontractors

5. Government-Purpose Rights for Custom Developments

5.1 Custom Development Classifications

  • Government-Funded Development: Unlimited rights for developments funded entirely by the government
  • Mixed Funding: Government purpose rights for developments with mixed funding
  • Commercial Items: Standard commercial license terms apply

5.2 Marking Requirements

All deliverables shall be marked with appropriate rights notices per DFARS 252.227-7013 and DFARS 252.227-7014.

6. FedRAMP Compliance

6.1 Security Controls

  • NIST SP 800-53 Rev 5 security controls implemented
  • Continuous monitoring program in place
  • Annual third-party security assessments
  • Plan of Action and Milestones (POA&M) management

7. Section 508 Accessibility Compliance

The Platform is designed to align with Section 508 of the Rehabilitation Act and WCAG 2.1 Level AA guidelines:

  • Screen reader compatibility
  • Keyboard navigation support
  • Color contrast requirements
  • Alternative text for images
  • Accessible forms and error messages

8. Incident Response and Reporting

8.1 Cyber Incident Reporting

In accordance with DFARS 252.204-7012, cyber incidents involving covered defense information will be reported to DoD within 72 hours.

8.2 Data Breach Notification

Government agencies will be notified within 24 hours of confirmed data breaches affecting government data.

9. Contract Termination and Data Return

Upon contract termination or expiration:

  • All government data returned within 30 days
  • Data destruction certification provided
  • Transition assistance available for 90 days
  • Access credentials revoked

Government data returned in standard formats: JSON, CSV, or XML for structured data; PDF/A for documents.

10. Governing Law and Disputes

This Addendum is governed by federal law and the Contract Disputes Act of 1978. Disputes shall be resolved through the contracting officer and, if necessary, the appropriate Board of Contract Appeals or the U.S. Court of Federal Claims.

11. Contact Information

Government Contracts Office:

  • Email: contracts@milenialinc.com
  • Address: 1181 Rock Elm Dr, Auburn, GA 30011-2393
← Back to Legal