Government contractors are subject to cybersecurity requirements, found in the Federal Acquisition Regulation (FAR) and each agency’s supplement to the FAR, and some important deadlines are fast approaching. Set forth below is a high-level overview of cybersecurity requirements found in the FAR and the Department of Defense (DoD) FAR Supplement (DFARS).
The FAR requires government contractors that handle “federal contract information” to comply with 15 requirements for safeguarding that information. These requirements are similar to certain requirements found in NIST SP 800-171.
Under the FAR, “federal contract information” is defined as:
information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public Web sites) or simple transactional information, such as necessary to process payments.
This is a broad category of information, and some commentators have suggested that it would apply to “virtually all” federal contracts.
Keep reading this article at: https://www.jdsupra.com/legalnews/deadlines-approach-for-government-74231/