The Defense Department, General Services Administration, and NASA have issued a final rule amending the Federal Acquisition Regulation (FAR) to add the framework for a new FAR part 40 covering information security and supply chain security.

FAR part 40 – effective May 1, 2024 – will contain the policies and procedures for managing information security and supply chain security when acquiring products and services, according to the April 1 Federal Register publication.

Work for the FAR part 40 rule began in September 2022.

Currently, the policies and procedures for prohibitions, exclusions, supply chain risk information sharing, and safeguarding information that address security objectives are dispersed across multiple parts of the FAR, which makes it difficult for the acquisition workforce to locate, understand, and implement applicable requirements.

This new part 40 will provide contracting officers with a single, consolidated location in the FAR that addresses their role in implementing requirements related to managing information security and supply chain security when acquiring products and services.

The creation of this new FAR part 40 does not implement any of the policies or procedures related to managing information security and supply chain security. The rule simply establishes the new FAR part. Relocation of the related existing policies or procedures will be done through separate rulemaking, the agencies said.

This new part will provide a location to cover broad security requirements that apply across acquisitions. These include security requirements designed to bolster national security through the management of existing or potential adversary-based supply chain risk across technological, intent-based, or economic means.

This final rule is not required to be published for public comment because it is only establishing a framework for a new FAR part and does not implement any policies or procedures that apply to the public.

Read More About
Recent
More Topics
About
Cate Burgan
Cate Burgan
Cate Burgan is a MeriTalk Senior Technology Reporter covering the intersection of government and technology.
Tags