New FAR Part 40 to Address Supply Chain and Information Security Requirements
Client Alert | 1 min read | 04.15.24
On April 1, 2024, the Department of Defense (DoD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) issued a final rule updating the Federal Acquisition Regulation (FAR) to add Part 40 on information security and supply chain security. This first action did not implement any new requirements; however, separate rulemakings will follow to relocate existing information security and supply chain security policies and procedures to the new Part 40. Additionally, new related regulations will be housed in Part 40. These actions suggest that the flow of information security and supply chain regulations is likely to continue unabated for at least the next few years.
As noted, Part 40 will consolidate the various information security and supply chain security regulations currently distributed throughout the FAR. It ultimately will include regulations concerning prohibitions, exclusions, supply chain risk information sharing, safeguarding information, and supply chain security requirements. For example, the Section 889 prohibition and policies would be placed in Part 40, as would provisions implementing Federal Acquisition Supply Chain Security Act exclusion and removal orders.
Supply chain and information risks that are not considered to be related to security, such as labor restrictions, climate risks, and human trafficking, will not be in Part 40 and will continue to be covered in other parts of the FAR.
Contacts
Insights
Client Alert | 1 min read | 07.08.26
CAS Board Publishes Final Rule Rescinding CAS 404, 408, 409, and 4117
As part of its ongoing effort to conform the Cost Accounting Standards (“CAS”) to generally accepted accounting principles (“GAAP”), the CAS Board published a final rule rescinding CAS 408 (Accounting for costs of compensated personal absence) and CAS 411 (Accounting for acquisition costs of material). The CAS Board also rescinded CAS 404 (Capitalization of tangible assets) and CAS 409 (Depreciation of tangible capital assets) but retained certain requirements of CAS 404 and 409, which will be located in new paragraphs of CAS 405 (Accounting for unallowable costs). Specifically, the CAS Board retained the requirements currently located at CAS 404-50(d)(1), CAS 409-50(e)(5), CAS 409-50(j)(1), and CAS 409-50(j)(4), which the CAS Board explained are necessary to protect the Government’s interests. Otherwise, the CAS Board determined that the requirements of CAS 404, 408, 409, and 411 overlapped with GAAP such that GAAP “may be applied reasonably as a substitute for CAS to support contract cost and pricing.”
Client Alert | 1 min read | 07.08.26
Crowell & Moring and Crowell GovCon Strategies at Farnborough International Airshow 2026
Client Alert | 7 min read | 07.08.26
Illinois Imposes Transparency and Safety Obligations on Frontier AI Systems
Client Alert | 10 min read | 07.08.26
Proactive Compliance in Health Care: “Getting Ahead” of Enforcement in 2026 and Beyond



