IT security requirement baked into FAR

One of the final pieces to improved agency IT security across government finally is in place: As of Sept. 30, contracting officers must include cybersecurity requirements in acquisition planning.

The Federal Acquisition Regulations Council issued an interim rule late last month outlining five new steps acquisition workers must take to ensure IT security is incorporated into all purchases. The council will accept comments until Nov. 29.

'The intent of adding specific guidance in the FAR is to provide clear, consistent guidance to acquisition officials and program managers,' the rule said, 'and to encourage and strengthen communication with IT security officials, CIOs and other affected parties.

'The Councils recognize that IT security standards will continue to evolve and that agency-specific policy and implementation will evolve differently across the spectrum of federal agencies,' the rule also said. 'Agencies will customize IT security policies and implementations to meet mission need[s].'

To read the rule, go to www.gcn.com and enter 490 in the GCN.com/box.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected