This publication presents Part 2 of our A&D Insights series covering the two recently proposed Federal Acquisition Regulation (FAR) Council rules addressing (1) the standardization of cybersecurity contractual requirements across Federal agencies for unclassified Federal information systems (FAR Case 2021-019), and (2) cyber threats and incident reporting and information sharing requirements for government contractors FAR Case 2021-017). In Part 1 of our series, we addressed the proposed standardization of cybersecurity contractual requirements.
This Part 2 focuses on the proposed rule to impose new requirements concerning cyber threat and incident reporting and information sharing. As discussed in more detail below, the rule will impact a significant number of government contractors and impose more expansive requirements than what we have seen in the acquisition regulations to date.
Authored by Stacy Hadeka, Mike Scheimer, and Mike Mason.