The Federal Acquisition Regulation (FAR) recently proposed a new rule that could have significant implications for contractors. This rule aims to standardize cybersecurity requirements for a Federal Information System (FIS), indicating a shift in the legal landscape for organisations involved in federal contracting.
The Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA) issued the proposed rule on October 3, 2023. If adopted, it will have a broad impact, applying to all parties rewarded with a contract to develop, operate, or maintain a FIS.
This regulation brings forth new responsibilities that contractors would want to be fully aware of. Detailed information about the proposal is not yet publicly disclosed. However, the standardization of cybersecurity requirements would undoubtedly necessitate alterations to existing practices related to data security and risk management for those involved in federal contracting.
In anticipation of the rule’s adoption, contractors should start reviewing their current cybersecurity measures and consult with legal counsel to ensure compliance. As this is a developing story, legal professionals, especially those in corporate law firms and big corporations, will need to continue paying close attention to its progress and what it may mean for their clients. Finally, this proposed rule, if adopted, would further emphasize the importance of robust cybersecurity infrastructure in upholding the integrity of federal contracts.