On May 12, 2021, President Biden issued an Executive Order aimed at improving cybersecurity of the federal government, with assistance from the private sector. The 18-page Executive Order does not set forth specific requirements, but rather sets deadlines for named agencies to develop requirements, standards, or guidelines on specific cybersecurity areas. The Executive Order also states that “All Federal Information Systems should meet or exceed the standards and requirements for cybersecurity set forth in and issued pursuant to this order.” Any company subject to either the Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS) contract requirements may be seeing substantial changes in the future.
government contractors
New law imposes disclosure requirements on software licensors
As a result of the 2019 National Defense Authorization Act, the Secretary of Defense implemented new disclosure obligations on software licensors whose software code has been reviewed or accessed by a foreign government. The Act was signed into law on August 13, 2018 and will significantly impact software licensors who engage with the federal government’s defense agencies relating to “obligations to foreign governments.”
US Government Contractors Now Required to Train Employees on Privacy
Effective January 19, 2017, an update to the Federal Acquisition Regulation (FAR) will require certain contractors that provide services to the federal government to train their employees on privacy. New contracts into which the federal government enters with contractors will include privacy training requirements. In addition, the rule requires contractors to flow down privacy training requirements to their subcontractors.
The rule applies to contractors that:
- Handle Personally Identifiable Information;
- Have access to a system of records; or
- Design, develop, maintain or operate a system of records.