4.1903
Contract clause
Contracting officers must include the safeguarding clause at 52.204-21 in contracts where Federal contract information may be handled, ensuring basic cybersecurity protections are in place.
Overview
FAR 4.1903 requires contracting officers to include the clause at 52.204-21, Basic Safeguarding of Covered Contractor Information Systems, in all solicitations and contracts where the contractor or any subcontractor may handle Federal contract information (FCI) within their information systems. This ensures that contractors implement minimum safeguarding requirements to protect sensitive government data from unauthorized access or disclosure during contract performance.
Key Rules
- Clause Inclusion Requirement
- The clause at 52.204-21 must be inserted in applicable solicitations and contracts.
- Applicability to Subcontractors
- The requirement extends to subcontractors at any tier who may have FCI in their systems.
Responsibilities
- Contracting Officers: Must ensure the clause is included in all relevant solicitations and contracts.
- Contractors: Must comply with the safeguarding requirements outlined in 52.204-21 if they or their subcontractors handle FCI.
- Agencies: Oversee compliance and ensure proper clause flow-down to subcontractors.
Practical Implications
- This section exists to protect sensitive Federal contract information from cyber threats.
- It impacts daily contracting by requiring contractors to assess their information systems and implement basic security measures.
- Common pitfalls include failing to flow down the clause to subcontractors or not properly safeguarding FCI, which can lead to compliance violations.