FAR rule would reinforce IT security

Federal Register notice

Federal acquisition regulations have had little to say until now about security requirements for contractors who sell information technology products and services to federal agencies.

Today, the Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council published an interim rule that incorporates the IT security provisions of the Federal Information Security Management Act of 2002 into the Federal Acquisition Regulation (FAR).

A Federal Register notice of the rule states that contractors play an ever-larger role in federal information security as agencies outsource more of their IT functions.

By incorporating FISMA requirements into the FAR, the councils will offer acquisition officials and program managers clear and consistent IT security guidance, the notice states.

Among its requirements, the rule amends the FAR by stipulating that contracting officers must seek advice from specialists in information security when buying IT goods and services. It requires that IT security be incorporated into acquisition planning, and it mandates the use of Federal Information Processing Standards.

Anyone interested in the interim rule can submit comments via the Federal eRulemaking Portal by Nov. 29.


  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Budget
    Stock photo ID: 134176955 By Richard Cavalleri

    House passes stopgap spending bill

    The current appropriations bills are set to expire on Oct. 1; the bill now goes to the Senate where it is expected to pass.

Stay Connected