left-caret

PH Privacy

Proposed FAR Cybersecurity Requirements Will Add New Obligations for Contractors

October 25, 2023

By  Aaron Charfoos, John Michels, and Marisa Polowitz

Earlier this month the Federal Acquisition Regulatory (“FAR”) Council released two draft rules which would establish new cybersecurity requirements for federal contractors intended to enhance protection of Government networks. The proposed rules, Cyber Threat and Incident Reporting and Information Sharing, and Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems target new requirements for sharing of information related to cyber threats, compliance representations, provision of software bills of service (“SBOMs”), and cybersecurity requirements for Federal Information Systems (“FIS”).

Both proposed rules provide that compliance is “material to eligibility and payment under Government contracts,” signaling significant changes to Contractors will need to adjust to if the rules are finalized as is. The comment period for both of these rules closes December 4, 2023.

To learn more about these proposed changes and what they mean for federal contractors, please see our Client Alert, “FAR” Reaching Consequences: Proposed FAR Cybersecurity Requirements Will Add New Obligations for Contractors.

Practice Areas

Data Privacy and Cybersecurity


For More Information

Image: Aaron Charfoos
Aaron Charfoos

Partner, Litigation Department

Image: John J. Michels
John J. Michels

Associate, Litigation Department