The
Department
of
Defense,
General
Services
Administration,
and
National
Aeronautics
and
Space
Administration
are
proposing
to
amend
the Federal
Acquisition
Regulation
to
address
the
safeguarding
of
contractor
information
systems.
A
proposed
rule
would
add
a
new
subpart
(FAR
Subpart
4.17)
and
contract
clause
(FAR
52.204-xx)
for
the
basic
safeguarding
of
contractor
information
systems.
Under
new
FAR
4.1702,
Applicability,
the
rule
would
apply
to
commercial
items
and
commercial-off-the-shelf
items
when
a
contractor's
information
system
contains
non-public
information
provided
by
or
generated
for
the
government
that
will
reside
on
or
transit
through
contractor
information
systems.
The
rule
may
be
applied
under
the
simplified
acquisition
threshold
if
the
contracting
officer
determines
inclusion
of
the
clause
is
appropriate.
Under
the
new
clause,
the
protective
measures
must
be
applied
to
public
computers
and
web
sites,
transmitting
electronic
information,
transmitting
voice
and
fax
information,
physical
and
electronic
barriers,
sanitization,
intrusion
protection,
and
transfer
limitations.
DoD,
GSA,
and
NASA
considered
comments
on a
related
DoD
rule
( ¶70,020.301)
in
drafting
the
proposed
rule.
A
complete
listing
of
the
FAR
provisions
impacted
by
the
rule
appears
in
the
regulation
table
below.
Comments
referencing
FAR
Case
2011-020
are
due
October
23,
2012.
For
the
text
of
the
rule,
see ¶70,006.270.
|