With Congress unable to pass cybersecurity legislation by the August recess, the executive agencies are proceeding to regulate government contractors with access to government information. Specifically, on August 24, 2012, the Federal Acquisition Regulation (FAR) Council proposed a new clause requiring contractors to maintain minimum data protection standards. Comments on the proposal are due October 23, 2012. As explained below, GSA already has in place cybersecurity standards for its contractors, and DoD has proposed its own set of rules. These specific agency rules take precedent over this new FAR clause.

Once final, the new FAR clause will apply to civilian, DoD and NASA contracts exceeding the simplified acquisition threshold ($150,000), including commercial acquisitions. The clause must be flowed down to subcontracts at any tier. The new clause, which will be in FAR Part 52.204, identifies seven basic safeguards for contractor information systems through which nonpublic information generated by or for government either resides or transits. The basic safeguards are...

Please see full alert below for more information.