Safeguarding of Contractor Information Systems Expands Beyond DFARS 252-204.7012

By Eric Noonan • June 1, 2016

 * This is the first in a multi-part series on the new FARS 4.19 clause.

Recently, the US Government issued a final rule to the Federal Acquisition Regulations (FAR) to “add a new subpart and contract clause for the basic safeguarding of contractor information systems that process, store, or transmit Federal contract information”.  This is a new mandatory regulation, similar to the requirements established by the US Department of Defense with the Defense Federal Acquisition Regulation Supplement (DFARS).

On May 16, 2016, the final FAR ruling was issued, 48 C.F.R. Part 4.19 establishing minimum safeguarding requirements for federal contractor information systems and expressly provide that Federal agencies and departments may impose additional specific requirements.  The new FAR regulation goes into effect on June 16, 2016.  DoD, as mentioned in previous blogs has already amended its regulations to require covered contractors to comply with DFARS 252.204-7012. The new FAR 4.19 clause applies to all federal contractor information systems that are owned or operated by a contractor that processes, stores, or transmits Federal contract information.  While the new regulation does not require compliance with any specific NIST standards, unlike the DFARS regulation that requires NIST SP 800-171 compliance, the new regulation lists many of the same 14 control families detailed in 800-171.

CyberSheath can help you meet your compliance objectives and requirements, contact us today.

Cybersheath Blog

CMMC Compliance Dashboard: Gain New Visibility into Compliance

CMMC is not a compliance framework. It’s a maturity model. That has big implications for how you approach compliance, but also how you keep track of all the elements that make up compliance. And yet, visibility has been one of the most difficult challenges facing DIB contractors. It used to…

CMMCEnclave: Add Versatility with a More Flexible Approach

The enclave approach to CMMC compliance is one of the most cost effective and least disruptive ways to safeguard CUI. You can maintain high-value custodial security of CUI without upending your existing processes, procedures, and people. That way, you can maintain the proper level of CMMC compliance and remain eligible…

How to Offboard Your Managed Services Provider

For any of a variety of reasons including lack of communication, slow response times, or prolonged downtime, your organization has decided to change your managed service provider (MSP). Whether you have already signed an agreement with a new MSP or you are actively looking for a replacement, now is the…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft