Some federal agencies want to make IT security contracting rules simpler to find

NASA, the Defense Department and the General Services Administration have joined together to issue a final rule that tweaks federal acquisition regulations to more efficiently address information and supply chain security, according to a posting on the Federal Register. 

The announcement is an initial move since it only establishes a new section of the Federal Acquisition Regulation but doesn’t formally create any policies or rules. The eventual goal is for provisions related to these topics spread throughout other regulatory sections to be reorganized under a new concentrated section where contracting officers can access the information in a singular place. 

“Currently, the policies and procedures for prohibitions, exclusions, supply chain risk information sharing, and safeguarding information that address security objectives are dispersed across multiple parts of the FAR, which makes it difficult for the acquisition workforce to locate, understand, and implement applicable requirements,” the posting stated. 

It continued: “This new part will provide contracting officers with a single, consolidated location in the FAR that addresses their role in implementing requirements related to managing information security and supply chain security when acquiring products and services.”

The new section could address topics including the cybersecurity supply chain, concerns related to emerging technologies, and “foreign-based risks.” Since no new procedures or policies are being implemented, there will be no public comment period.