In 2019, cybersecurity has become top-of-mind for most federal government contractors and agencies that share sensitive information.  In addition to updated Department of Defense guidance and procedures for evaluating contractors’ compliance with cybersecurity requirements, as well as an increase in Department of Defense cybersecurity audits, the Federal Acquisition Regulation (FAR) council also has promised a new FAR clause that will require compliance with NIST SP 800-171 security controls for civilian agency contractors that receive or create Controlled Unclassified Information (CUI).
Continue Reading “Internet of Things” Guidance to be Added to Cybersecurity Requirements for Agencies and Federal Contractors

By W. Bruce Shirk

We’ve previously complained about the FAR Council’s tendency to take too much time to issue rules that entail consideration of complex subject matter, as indicated, for example, by the 13 years during which the Council dallied before issuing final rules for commercial off the shelf items, discussed here.  Recent events suggest, however, that there may be good reason for the Council’s dilatory behavior because, as it turns out, when the Council does move quickly in response, say, to a legislative change, it tends to come up with the wrong answer.
 

Continue Reading Who’s In Charge? The GAO, the FAR Council, and Jurisdiction Over Task Order Bid Protests