Proposed FAR change extends cybersecurity requirements to contractors
The Defense Department, General Services Administration and NASA are proposing a change to the Federal Acquisition Regulation that would require contractors to secure computer systems that contain government information.
If approved, the change would extend the requirements of the Federal Information Security Management Act of 2002, or FISMA, to "contractor information systems that contain or process information provided by or generated for the Government," according to an Aug. 24 notice posted in the Federal Register.
At present, the FAR "does not specifically address the safeguarding of contractor information systems that contain or process information provided by or generated for the government," says the notice.
The extended cybersecurity obligation would include all information that resides in or transits through contractor information systems, says the notice. This includes areas such as:
- Public computers or websites,
- Transmitting electronic information,
- Transmitting voice and fax information,
- Physical and electronic barriers,
- Intrusion protection, and
- Transfer limitations.
- see the notice in the Federal Register
ISPs actively scan defense contractor Internet traffic under DoD program
Trojan masquerading as Windows updater targets defense contractors
DHS takes control of DIB cybersecurity pilot