Setting the Floor: New FAR Rule Defines Minimum Contractor Information System Safeguarding
Client Alert | 1 min read | 05.17.16
Shifting approaches, on May 16, 2016, the FAR Council concluded a long-running rulemaking with a final rule and a new clause, FAR 52.204-21, that will establish minimum security controls pulled from NIST Special Publication 800-171 over contractor information systems that may process, store, or transmit “Federal contract information,” defined as information provided to or generated under any government contract (except for COTS) that is not intended for public release. Future rules will address more specific controls applicable to more sensitive information such as Controlled Unclassified Information (CUI), but this rule focuses instead on establishing those baseline controls the FAR Council believes any prudent business would implement in relation to its information systems and does not replace more stringent security requirements like those in the DFARS Safeguarding Rule.
Contacts
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 2 min read | 03.23.26
On March 13, a Massachusetts federal district court temporarily blocked the Trump Administration from requiring higher education institutions to respond to the Admissions and Consumer Transparency Supplement (“ACTS”) survey — a new data collection effort mandating that institutions disclose detailed admissions information regarding students’ race and sex to the federal government. In Commonwealth of Massachusetts v. Department of Education, 1:26-cv-11229 (D. Mass.), the court extended the deadline for institutions to respond to the survey from March 18th to March 25th to allow time to consider the case.
Client Alert | 1 min read | 03.23.26
Client Alert | 7 min read | 03.23.26
Client Alert | 4 min read | 03.23.26
US Section 301 Investigations: The UK Is in the Crosshairs on Forced Labour — Act Now
