Earlier this month the Federal Acquisition Regulatory (“FAR”) Council released two draft rules which would establish new cybersecurity requirements for federal contractors intended to enhance protection of Government networks. The proposed rules, Cyber Threat and Incident Reporting and Information Sharing, and Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems target new requirements for sharing of information related to cyber threats, compliance representations, provision of software bills of service (“SBOMs”), and cybersecurity requirements for Federal Information Systems (“FIS”).

Both proposed rules provide that compliance is “material to eligibility and payment under Government contracts,” signaling significant changes to Contractors will need to adjust to if the rules are finalized as is. The comment period for both of these rules closes December 4, 2023.

To learn more about these proposed changes and what they mean for federal contractors, please see our Client Alert, “FAR” Reaching Consequences: Proposed FAR Cybersecurity Requirements Will Add New Obligations for Contractors.