New FAR Part 40 to Address Supply Chain and Information Security Requirements

Client Alert | 1 min read | 04.15.24

On April 1, 2024, the Department of Defense (DoD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) issued a final rule updating the Federal Acquisition Regulation (FAR) to add Part 40 on information security and supply chain security. This first action did not implement any new requirements; however, separate rulemakings will follow to relocate existing information security and supply chain security policies and procedures to the new Part 40. Additionally, new related regulations will be housed in Part 40. These actions suggest that the flow of information security and supply chain regulations is likely to continue unabated for at least the next few years.

As noted, Part 40 will consolidate the various information security and supply chain security regulations currently distributed throughout the FAR. It ultimately will include regulations concerning prohibitions, exclusions, supply chain risk information sharing, safeguarding information, and supply chain security requirements. For example, the Section 889 prohibition and policies would be placed in Part 40, as would provisions implementing Federal Acquisition Supply Chain Security Act exclusion and removal orders.

Supply chain and information risks that are not considered to be related to security, such as labor restrictions, climate risks, and human trafficking, will not be in Part 40 and will continue to be covered in other parts of the FAR.

Contacts

Adelicia R. Cliffe
Partner
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2816
YWNsaWZmZUBjcm93ZWxsLmNvbQ==
Stephanie L. Crawford
Counsel
- Washington, D.C.
  - D | +1.202.624.2811
c2NyYXdmb3JkQGNyb3dlbGwuY29t
Alexandra Barbee-Garrett
Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.508.8918
YWJhcmJlZS1nYXJyZXR0QGNyb3dlbGwuY29t

Insights

Client Alert | 4 min read | 06.25.26

Twin Executive Orders Seek to Spur Quantum Leap in Technology and Cybersecurity

On June 22, 2026, President Trump signed two executive orders, “Securing the Nation Against Advanced Cryptographic Attacks” (Quantum Security EO) and “Ushering in the Next Frontier of Quantum Innovation” (Quantum Innovation EO), marking the most significant federal action on quantum technology since the Quantum Computing Cybersecurity Preparedness Act of 2022, which directed agencies to harden their information systems against quantum-enabled hacking. The orders seek to speed the development of quantum computers, which are advanced processors that can calculate multiple possibilities simultaneously and thus solve problems exponentially faster than traditional computers. At the same time, the orders look to protect against the danger that quantum technology can “break” traditional encryption by easily decoding it. Of particular note for government contractors, the Quantum Security EO directs agencies to update federal acquisition regulations to require contractors by 2031 to adopt information processing standards that resist quantum-enabled codebreaking....

Client Alert | 7 min read | 06.24.26
DOJ’s National Security Division Announces First Declination Under New Corporate Enforcement Policy With Parallel BIS Settlement
Client Alert | 3 min read | 06.24.26
OhioHealth Settlement and White House Report Signal Broader Federal Focus on Restrictive Hospital Contracting
Client Alert | 4 min read | 06.23.26
EPA Hands Over AI Data Center Regulation to States and Communities to Develop Best Practices

View All Insights