On October 3, 2023, the FAR Council released two long-awaited proposed rules for federal contractor cybersecurity stemming from the Biden Administration’s Cybersecurity Executive Order from May 2021 (Executive Order 14028). The proposed rules relate to Cyber Threat and Incident Reporting and Information Sharing (FAR Case 2021-017) and Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems (FAR Case 2021-019). The comment period for both rules is currently open and is scheduled to close on December 4, 2023.Continue Reading Two New Cybersecurity Proposed Rules Mean Big Changes for Federal Contractors

By W. Bruce Shirk

We’ve previously complained about the FAR Council’s tendency to take too much time to issue rules that entail consideration of complex subject matter, as indicated, for example, by the 13 years during which the Council dallied before issuing final rules for commercial off the shelf items, discussed here.  Recent events suggest, however, that there may be good reason for the Council’s dilatory behavior because, as it turns out, when the Council does move quickly in response, say, to a legislative change, it tends to come up with the wrong answer.
 Continue Reading Who’s In Charge? The GAO, the FAR Council, and Jurisdiction Over Task Order Bid Protests