IT security requirement baked into FAR

One of the final pieces to improved agency IT security across government finally is in place: As of Sept. 30, contracting officers must include cybersecurity requirements in acquisition planning.

The Federal Acquisition Regulations Council issued an interim rule late last month outlining five new steps acquisition workers must take to ensure IT security is incorporated into all purchases. The council will accept comments until Nov. 29.

“The intent of adding specific guidance in the FAR is to provide clear, consistent guidance to acquisition officials and program managers,” the rule said, “and to encourage and strengthen communication with IT security officials, CIOs and other affected parties.

“The Councils recognize that IT security standards will continue to evolve and that agency-specific policy and implementation will evolve differently across the spectrum of federal agencies,” the rule also said. “Agencies will customize IT security policies and implementations to meet mission need[s].”

To read the rule, go to www.gcn.com and enter 490 in the Quickfind box.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected