Our Website Uses Cookies 


We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.


For more information, please contact us or consult our Privacy Notice.

Your binder contains too many pages, the maximum is 40.

We are unable to add this page to your binder, please try again later.

This page has been added to your binder.

Final FAR Cyber Rule Issued on Safeguarding of Contractor Systems

May 16, 2016, Covington Alert

Today, the Department of Defense (DoD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) issued a Final Rule to add a new subpart and contract clause (52.204-21) to the Federal Acquisition Regulation (FAR) “for the basic safeguarding of contractor information systems that process, store, or transmit Federal contract information.” See 81 Fed. Reg. 30439 (May 16, 2016). The Final Rule imposes a set of fifteen “basic” security controls for contractor information systems upon which “Federal contract information” transits or resides. Federal contract information is defined as information provided by or generated for the Government under a contract to develop a product or service for the Government, but does not include either: (1) information provided by the Government to the public, such as on a website, or (2) simple transactional information, such as that needed to process payments. Based on the scope of the Final Rule, the vast majority of federal contractors will be covered by this Final Rule once they accept the clause.

Share this article: