FAR rule would reinforce IT security

The interim rule puts the information security provisions of the Federal Information Security Management Act into the Federal Acquisition Regulation.

Federal acquisition regulations have had little to say until now about security requirements for contractors who sell information technology products and services to federal agencies.

Today, the Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council published an interim rule that incorporates the IT security provisions of the Federal Information Security Management Act of 2002 into the Federal Acquisition Regulation (FAR).

A Federal Register notice of the rule states that contractors play an ever-larger role in federal information security as agencies outsource more of their IT functions.

By incorporating FISMA requirements into the FAR, the councils will offer acquisition officials and program managers clear and consistent IT security guidance, the notice states.

Among its requirements, the rule amends the FAR by stipulating that contracting officers must seek advice from specialists in information security when buying IT goods and services. It requires that IT security be incorporated into acquisition planning, and it mandates the use of Federal Information Processing Standards.

Anyone interested in the interim rule can submit comments via the Federal eRulemaking Portal by Nov. 29.