A recent final ruling amending the Federal Acquisition Register (FAR clause 52.204-21) adds a new subpart and contract clause that requires government contractors to apply “basic safeguarding measures” to their information systems as of June 15, 2016.
The rule will be of particular importance for government contractors that choose to host their accounting, reporting, project collaboration, and other systems with Cloud Service Providers, where visibility into IT security controls and audit regimes is potentially limited.
Both prime and subcontractors will be subject to the rule’s new requirements. Plus, contracting officers must make a determination regarding a government contractor’s compliance with FAR rule 52.204-21 at the time the contract is awarded.
To read more about the requirements go to: http://1.usa.gov/25Y85JY