FAR Council’s Cybersecurity Showdown: A Mission Impossible for Federal Contractors?

When the FAR Council plays “Simon Says” with Federal Contractor Cybersecurity Regulations, there’s no Tom Cruise to save the day if you lose your password. Expect a cyber-“Mission Impossible” with new rules that demand you keep Uncle Sam’s data safer than a nuclear launch code. Contractors, get ready for the cybersecurity playoffs!

Hot Take:

So, the Federal Acquisition Regulation Council (FAR Council) decided to play “Simon Says” with federal contractors, but instead of touching your nose or hopping on one foot, it’s all about cybersecurity rules. Flexing its muscles, the FAR Council has proposed two new rules that will keep federal contractors on their toes. With all the talk about SBOMs, FISs, and COTS, it’s clear that the government is serious about keeping Uncle Sam’s data safer than a nuclear launch code. It’s like a cybersecurity version of “Mission Impossible”, but Tom Cruise isn’t coming to save the day if you lose your password.

Key Points:

  • The FAR Council has proposed two new cybersecurity rules affecting federal contractors.
  • One rule applies to contractors using Information and Communications Technology (ICT) systems, setting forth incident reporting and software bill of materials (SBOM) requirements.
  • The second rule standardizes cybersecurity requirements for contractors providing or maintaining a Federal Information System (FIS).
  • Contractors will need to develop and maintain an SBOM, report security incidents within eight hours, and provide full access to impacted information systems.
  • The new clauses may impact contractors’ liability, with implications for breaches of contract and potential exposure under the False Claims Act.

Need to know more?

Sweeping Changes in Cybersecurity Land

About 75% of federal contractors are going to need a new planner to keep up with the proposed Cyber Threat and Incident Reporting rules. The goal is to create a network of cyber sentinels, reporting incidents faster than a gossip at a garden party. The new rule also requires contractors to develop and maintain an SBOM - think of it as a family tree for your software.

Unlocking the FIS Code

The second rule is all about standardizing cybersecurity for Federal Information Systems (FIS). If you're a contractor providing or maintaining an FIS, get ready for two new contract clauses, one for cloud-based FIS and the other for non-cloud FIS. Just like a strict gym trainer, these rules intend to keep your FIS fit and fine.

Don't Drop the Ball, Contractors!

These rules aren't suggestions - they carry some serious legal weight. Those who misrepresent their cybersecurity practices or fail to report incidents could find themselves facing the music under the False Claims Act. So, contractors, it's time to sharpen up your cybersecurity game, or risk being caught offside in the government’s new cybersecurity playoffs.

Join the Conversation

Don't just sit there gobsmacked, contractors! The proposed rules are open for comments until December 4, 2023. So, take this opportunity to voice your opinions, concerns, and suggestions. After all, it's your chance to contribute to the rules of the cybersecurity game.