The FAR Regulators Enter the Cyber Fray

On the heels of the latest demise of cyber legislation, the FAR Council has proposed new cybersecurity regulations for safeguarding government information ("other than public information") residing on or transiting through contractors' systems. While lacking some of the detail (such as certain NIST standards) contained in a predecessor proposal by DOD, the proposed FAR rule establishes broad requirements for basic cybersecurity safeguards for "all Federal contractors and appropriate subcontractors," including mandates for  (1) "the best level of security and privacy available, given facilities, conditions, and environment"; (2) "at least one physical and one electronic barrier" for such information; (3) "sanitization" prior to disposal of information and electronic media; and (4) "intrusion protection," such as "updated malware protection services."