Setting the Floor: New FAR Rule Defines Minimum Contractor Information System Safeguarding
Client Alert | 1 min read | 05.17.16
Shifting approaches, on May 16, 2016, the FAR Council concluded a long-running rulemaking with a final rule and a new clause, FAR 52.204-21, that will establish minimum security controls pulled from NIST Special Publication 800-171 over contractor information systems that may process, store, or transmit “Federal contract information,” defined as information provided to or generated under any government contract (except for COTS) that is not intended for public release. Future rules will address more specific controls applicable to more sensitive information such as Controlled Unclassified Information (CUI), but this rule focuses instead on establishing those baseline controls the FAR Council believes any prudent business would implement in relation to its information systems and does not replace more stringent security requirements like those in the DFARS Safeguarding Rule.
Contacts
Senior Counsel
She/Her/Hers
Insights
Client Alert | 3 min read | 04.30.24
The DOE in 2023 significantly increased its enforcement activity against manufactures and importers alleged to have violated EPCA’s energy and water conservation standards and related certification requirements, based on available public information. As we previously flagged, the substantial rise in enforcement activity comes as the Biden Administration increasingly focuses on EPCA as a means of achieving environmental policy objectives, including reducing carbon emissions. The Department has continued its enforcement efforts in 2024 and early data from this year sheds light on the Department’s enforcement priorities.
Client Alert | 1 min read | 04.30.24
Client Alert | 4 min read | 04.29.24
Red Alert on the Orange Book: The FTC Continues to Crack Down on Improperly Listed Drug Patents
Client Alert | 3 min read | 04.26.24
CFIUS Proposes Enhanced Enforcement and Mitigation Rules and Steeper Penalties for Non-Compliance
