FAR rule would reinforce IT security

Federal Register notice

Federal acquisition regulations have had little to say until now about security requirements for contractors who sell information technology products and services to federal agencies.

Today, the Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council published an interim rule that incorporates the IT security provisions of the Federal Information Security Management Act of 2002 into the Federal Acquisition Regulation (FAR).

A Federal Register notice of the rule states that contractors play an ever-larger role in federal information security as agencies outsource more of their IT functions.

By incorporating FISMA requirements into the FAR, the councils will offer acquisition officials and program managers clear and consistent IT security guidance, the notice states.

Among its requirements, the rule amends the FAR by stipulating that contracting officers must seek advice from specialists in information security when buying IT goods and services. It requires that IT security be incorporated into acquisition planning, and it mandates the use of Federal Information Processing Standards.

Anyone interested in the interim rule can submit comments via the Federal eRulemaking Portal by Nov. 29.


  • Workforce
    online collaboration (elenabsl/Shutterstock.com)

    Federal employee job satisfaction climbed during pandemic

    The survey documents the rapid change to teleworking postures in government under the COVID-19 pandemic.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    OPM nominee plans focus on telework, IT, retirement

    Kiran Ahuja, a veteran of the Office of Personnel Management, told lawmakers that she thinks that the lack of consistent leadership in the top position at OPM has taken a toll on the ability of the agency to complete longer term IT modernization projects.

Stay Connected