In an effort to bolster the nation’s cybersecurity framework, the Federal Acquisition Regulatory Council (FAR Council) proposed two significant cybersecurity regulations on October 3, 2023. These proposals are direct outcomes of President Biden’s May 2021 Executive Order No. 14028 dedicated to enhancing the United States’ cybersecurity protocol. This noteworthy development is a substantial step towards implementing robust cybersecurity measures within both governmental and private sectors.
The proposed regulation in FAR Case No. 2021-0017, in particular, has significant implications for contractors who utilize information and communications technology (ICT) systems while performing a contract. Chiefly, it necessitates the prompt reporting of cyber incidents.
JD Supra reported on this regulatory development in detail, highlighting its wider legal and contractual implications.
These proposed rules come as a result of growing concern about the increasing number of cybersecurity attacks nationwide, thus emphasizing the need for stronger cybersecurity protocols and due diligence. With the introduction of these proposed rules, contractors may find stricter and more immediate reporting requirements, and increased regulation regarding cybersecurity practices.
Gaining understanding of these developments is crucial for legal professionals servicing corporations and law firms, as these proposed measures could significantly impact how business is conducted with the US government. It would be prudent for legal teams to familiarize themselves with the details of these proposed regulations, and plan appropriate strategies aligned with their organizations’ cyber risk management frameworks.