Federal Contractors Handling Sensitive Government Information
On Oct. 21, the new Federal Acquisition Regulation (“FAR”) rule (the “CUI Rule”) aligning requirements for federal contractors to properly safeguard Controlled Unclassified Information (“CUI”) as outlined in Executive Order 13556 (the “Executive Order”) completed regulatory review. The CUI Rule’s language has not yet been released, but once it is published on the Federal Register, we expect it to introduce some manner of mandate directing compliance with NIST SP 800-171. The CUI Rule demonstrates the Federal Government’s commitment to aligning the government contracting space with the evolving national security climate. Current and interested federal contractors will need to update their cybersecurity practices, policies, and procedures to meet the NIST SP 800-171 and the Executive Order’s standards. This will require new training programs for their workforce and management, implementation of new audit processes and audit logging requirements, and implementation of continuous ne...