The General Services Administration, NASA and the Department of Defense are seeking feedback on a proposed rule that intends to standardize cybersecurity contractual requirements for unclassified federal information systems as part of the implementation of a section within the 2021 cybersecurity executive order.
The proposed rule outlines cybersecurity procedures, policies and requirements for contractor services to build, implement, maintain or operate a FIS, including policies for using cloud and non-cloud computing services, according to a Federal Register notice published Tuesday.
“This rule underscores that compliance with these requirements is material to eligibility and payment under Government contracts,” the notice reads.
The proposed policy, which was introduced as an amendment to the Federal Acquisition Regulation, will apply to the acquisition of commercial products and services.
For FIS using non-cloud computing services, the proposed regulation details requirements for records management and government access, assessments, specification of additional security and privacy controls and cyber supply chain risk management, among others.
Comments on the proposed rule are due Dec. 4.