Main Nav

Proposed Rule to Safeguard Contractor Information Systems Impact on Higher Education

The General Services Administration (GSA), Department of Defense (DoD), and National Aeronautics and Space Administration (NASA) have issued a Proposed Rule that would enhance the cybersecurity of government information held by contractors, including colleges and universities.  The proposal would amend the Federal Acquisition Regulation (FAR) to add a new subpart and contract clause for the basic safeguarding of contractor information systems that contain information provided by or generated for the Government (other than public information) that will be resident on or transiting through contractor information systems.

The rule proposes that contractors provide “protective measures to information” and identifies the following areas for attention:

  • Public computers or Web sites
  • Transmitting electronic information
  • Transmitting voice and fax information
  • Physical and electronic barriers
  • Sanitization
  • Intrusion protection
  • Transfer limitations

The Proposed Rule would also add a contract clause to address requirements for the basic safeguarding of contractor information systems that contain government information.  GSA, DoD, and NASA have concluded that “these requirements are an extension of the requirements under the Federal Information Security Management Act (FISMA) of 2002.”  Colleges and universities have become accustomed to seeing cybersecurity requirements increasingly make their way into federal contracts.  This rule would solidify that practice and you would expect it to become a routine practice. 

Comments on the Proposed Rule are being accepted until October 23, 2012.  Comments can be submitted by mail, fax, or via www.regulations.gov via the Federal eRulemaking portbal by searching for “FAR Case 2011-020.”

Tags from the EDUCAUSE Library