New FAR Part 40 to Address Supply Chain and Information Security Requirements

Client Alert | 1 min read | 04.15.24

On April 1, 2024, the Department of Defense (DoD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) issued a final rule updating the Federal Acquisition Regulation (FAR) to add Part 40 on information security and supply chain security. This first action did not implement any new requirements; however, separate rulemakings will follow to relocate existing information security and supply chain security policies and procedures to the new Part 40. Additionally, new related regulations will be housed in Part 40. These actions suggest that the flow of information security and supply chain regulations is likely to continue unabated for at least the next few years.

As noted, Part 40 will consolidate the various information security and supply chain security regulations currently distributed throughout the FAR. It ultimately will include regulations concerning prohibitions, exclusions, supply chain risk information sharing, safeguarding information, and supply chain security requirements. For example, the Section 889 prohibition and policies would be placed in Part 40, as would provisions implementing Federal Acquisition Supply Chain Security Act exclusion and removal orders.

Supply chain and information risks that are not considered to be related to security, such as labor restrictions, climate risks, and human trafficking, will not be in Part 40 and will continue to be covered in other parts of the FAR.

Contacts

Adelicia R. Cliffe
Partner
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2816
YWNsaWZmZUBjcm93ZWxsLmNvbQ==
Stephanie L. Crawford
Counsel
- Washington, D.C.
  - D | +1.202.624.2811
c2NyYXdmb3JkQGNyb3dlbGwuY29t
Alexandra Barbee-Garrett
Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.508.8918
YWJhcmJlZS1nYXJyZXR0QGNyb3dlbGwuY29t

Insights

Client Alert | 3 min read | 05.28.26

PFAS Regulatory Alert: EPA Rolls Back RCRA Proposed Rule on “Hazardous Waste” but Does Not Disturb Proposed RCRA Rule on PFAS

Earlier this month, the U.S. Environmental Protection Agency (EPA) withdrew a February 2024 Biden administration proposed rule, “Definition of Hazardous Waste Applicable to Corrective Action for Releases From Solid Waste Management Units,” under the Resource Conservation and Recovery Act (RCRA).[1] The withdrawn proposal would have revised RCRA corrective action regulations to expressly apply the broader statutory definition of “hazardous waste,” rather than only the narrower regulatory definition. Now, EPA is maintaining the status quo for corrective action under RCRA. However, EPA’s withdrawal of its proposed RCRA hazardous waste definition makes no mention of its corresponding proposal from 2024 to list nine per- and polyfluoroalkyl substances (PFAS) as RCRA hazardous constituents.[2] This disjointed withdrawal, while providing some certainty for regulated entities, does not resolve how EPA plans to address PFAS under the RCRA program....

Client Alert | 8 min read | 05.28.26
Texas Targets Big Tech With Wave of Suits and Investigations, Part of Nationwide Trend
Client Alert | 7 min read | 05.27.26
Colorado Hits Reset on AI Regulation: SB 26-189 Repeals and Reenacts the Colorado AI Act
Client Alert | 3 min read | 05.27.26
Don’t Get Left in the Doghouse: The Federal Circuit’s Global K9 Case and the Duty to Intervene

View All Insights