4 September 2012
With Congress unable to pass cybersecurity legislation by the August recess, the executive agencies are proceeding to regulate government contractors with access to government information. Specifically, on August 24, 2012, the Federal Acquisition Regulation (FAR) Council proposed a new clause requiring contractors to maintain minimum data protection standards. Comments on the proposal are due October 23, 2012. As explained below, GSA already has in place cybersecurity standards for its contractors, and DoD has proposed its own set of rules. These specific agency rules take precedent over this new FAR clause.