All Alerts & Newsletters

Setting the Floor: New FAR Rule Defines Minimum Contractor Information System Safeguarding

May.17.2016

Shifting approaches, on May 16, 2016, the FAR Council concluded a long-running rulemaking with a final rule and a new clause, FAR 52.204-21, that will establish minimum security controls pulled from NIST Special Publication 800-171 over contractor information systems that may process, store, or transmit “Federal contract information,” defined as information provided to or generated under any government contract (except for COTS) that is not intended for public release. Future rules will address more specific controls applicable to more sensitive information such as Controlled Unclassified Information (CUI), but this rule focuses instead on establishing those baseline controls the FAR Council believes any prudent business would implement in relation to its information systems and does not replace more stringent security requirements like those in the DFARS Safeguarding Rule.

Email Twitter LinkedIn Facebook Google+

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

David Z. Bodenheimer
Partner – Washington, D.C.
Phone: +1 202.624.2713
Email: dbodenheimer@crowell.com

Alan W. H. Gourley
Partner – Washington, D.C., London
Phone: +1 202.624.2561 , +44.20.7413.1342
Email: agourley@crowell.com

Evan D. Wolff
Partner – Washington, D.C.
Phone: +1 202.624.2615
Email: ewolff@crowell.com

Maida Oringher Lerner
Senior Counsel – Washington, D.C.
Phone: +1 202.624.2596
Email: mlerner@crowell.com

Kate M. Growley
Associate – Washington, D.C.
Phone: +1 202.624.2698
Email: kgrowley@crowell.com