GSA and NIST draft FAR rule on IT security

The General Services Administration is drafting a Federal Acquisition Regulation addition to integrate security into IT buys.

Joan Hash, director of security management assistance in the National Institute of Standards and Technology's Computer Security Division, made the announcement late last month during a discussion about government cybersecurity at the GovSec conference in Washington.

In addition, NIST is developing governmentwide categories for sensitive but unclassified information, plus a set of minimum-security requirements to protect each category.

Among other things, the new FAR rule would require contracting officers to work with agencies' CIOs to ensure that security requirements are built into purchases.

The rule will mandate compliance with federal encryption standards and will also require contractors to provide security plans and undergo security training. Contracts also would include a standard security clause and a privacy impact statement.

About the Author

William Jackson is a Maryland-based freelance writer.
