New FAR Part 40 to Address Supply Chain and Information Security Requirements

Client Alert | 1 min read | 04.15.24

On April 1, 2024, the Department of Defense (DoD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) issued a final rule updating the Federal Acquisition Regulation (FAR) to add Part 40 on information security and supply chain security. This first action did not implement any new requirements; however, separate rulemakings will follow to relocate existing information security and supply chain security policies and procedures to the new Part 40. Additionally, new related regulations will be housed in Part 40. These actions suggest that the flow of information security and supply chain regulations is likely to continue unabated for at least the next few years.

As noted, Part 40 will consolidate the various information security and supply chain security regulations currently distributed throughout the FAR. It ultimately will include regulations concerning prohibitions, exclusions, supply chain risk information sharing, safeguarding information, and supply chain security requirements. For example, the Section 889 prohibition and policies would be placed in Part 40, as would provisions implementing Federal Acquisition Supply Chain Security Act exclusion and removal orders.

Supply chain and information risks that are not considered to be related to security, such as labor restrictions, climate risks, and human trafficking, will not be in Part 40 and will continue to be covered in other parts of the FAR.

Contacts

Adelicia R. Cliffe
Partner
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2816
YWNsaWZmZUBjcm93ZWxsLmNvbQ==
Stephanie L. Crawford
Counsel
- Washington, D.C.
  - D | +1.202.624.2811
c2NyYXdmb3JkQGNyb3dlbGwuY29t
Alexandra Barbee-Garrett
Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.508.8918
YWJhcmJlZS1nYXJyZXR0QGNyb3dlbGwuY29t

Insights

Client Alert | 3 min read | 11.21.25

A Sign of What’s to Come? Court Dismisses FCA Retaliation Complaint Based on Alleged Discriminatory Use of Federal Funding

On November 7, 2025, in Thornton v. National Academy of Sciences, No. 25-cv-2155, 2025 WL 3123732 (D.D.C. Nov. 7, 2025), the District Court for the District of Columbia dismissed a False Claims Act (FCA) retaliation complaint on the basis that the plaintiff’s allegations that he was fired after blowing the whistle on purported illegally discriminatory use of federal funding was not sufficient to support his FCA claim. This case appears to be one of the first filed, and subsequently dismissed, following Deputy Attorney General Todd Blanche’s announcement of the creation of the Civil Rights Fraud Initiative on May 19, 2025, which “strongly encourages” private individuals to file lawsuits under the FCA relating to purportedly discriminatory and illegal use of federal funding for diversity, equity, and inclusion (DEI) initiatives in violation of Executive Order 14173, Ending Illegal Discrimination and Restoring Merit-Based Opportunity (Jan. 21, 2025). In this case, the court dismissed the FCA retaliation claim and rejected the argument that an organization could violate the FCA merely by “engaging in discriminatory conduct while conducting a federally funded study.” The analysis in Thornton could be a sign of how forthcoming arguments of retaliation based on reporting allegedly fraudulent DEI activity will be analyzed in the future....

Client Alert | 3 min read | 11.20.25
Design Patent Application Drawings & Prosecution History Must Be Clear (Merely Translucent Won’t Suffice!)
Client Alert | 3 min read | 11.20.25
Implications of CRISPR Dispute on Licensees
Client Alert | 6 min read | 11.19.25
Buying Peace: The Importance of Releasing FCA Liability When Resolving Criminal Allegations of Fraud Against the Government

View All Insights