IT security requirement baked into FAR

One of the final pieces to improved agency IT security across government finally is in place: As of Sept. 30, contracting officers must include cybersecurity requirements in acquisition planning.

The Federal Acquisition Regulations Council issued an interim rule late last month outlining five new steps acquisition workers must take to ensure IT security is incorporated into all purchases. The council will accept comments until Nov. 29.

'The intent of adding specific guidance in the FAR is to provide clear, consistent guidance to acquisition officials and program managers,' the rule said, 'and to encourage and strengthen communication with IT security officials, CIOs and other affected parties.

'The Councils recognize that IT security standards will continue to evolve and that agency-specific policy and implementation will evolve differently across the spectrum of federal agencies,' the rule also said. 'Agencies will customize IT security policies and implementations to meet mission need[s].'

To read the rule, go to www.gcn.com and enter 490 in the GCN.com/box.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected