New FAR Clause Establishes Minimum Data Security Requirements for Federal Contractors

more+
less-

With Congress unable to pass cybersecurity legislation by the August recess, the executive agencies are proceeding to regulate government contractors with access to government information. Specifically, on August 24, 2012, the Federal Acquisition Regulation (FAR) Council proposed a new clause requiring contractors to maintain minimum data protection standards. Comments on the proposal are due October 23, 2012. As explained below, GSA already has in place cybersecurity standards for its contractors, and DoD has proposed its own set of rules. These specific agency rules take precedent over this new FAR clause.

Once final, the new FAR clause will apply to civilian, DoD and NASA contracts exceeding the simplified acquisition threshold ($150,000), including commercial acquisitions. The clause must be flowed down to subcontracts at any tier. The new clause, which will be in FAR Part 52.204, identifies seven basic safeguards for contractor information systems through which nonpublic information generated by or for government either resides or transits. The basic safeguards are...

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Published In: Government Contracting Updates, Mergers & Acquisitions Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Squire Patton Boggs | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »