FAR rule would reinforce IT security

Federal Register notice

Federal acquisition regulations have had little to say until now about security requirements for contractors who sell information technology products and services to federal agencies.

Today, the Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council published an interim rule that incorporates the IT security provisions of the Federal Information Security Management Act of 2002 into the Federal Acquisition Regulation (FAR).

A Federal Register notice of the rule states that contractors play an ever-larger role in federal information security as agencies outsource more of their IT functions.

By incorporating FISMA requirements into the FAR, the councils will offer acquisition officials and program managers clear and consistent IT security guidance, the notice states.

Among its requirements, the rule amends the FAR by stipulating that contracting officers must seek advice from specialists in information security when buying IT goods and services. It requires that IT security be incorporated into acquisition planning, and it mandates the use of Federal Information Processing Standards.

Anyone interested in the interim rule can submit comments via the Federal eRulemaking Portal by Nov. 29.


  • FCW Perspectives
    remote workers (elenabsl/Shutterstock.com)

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

Stay Connected