Information Security and Supply Chain Security
FAR Part 40 sets the foundation for protecting federal information and supply chains by prohibiting certain high-risk procurements and mandating strict security compliance in government contracts.
Overview
FAR Part 40 establishes the regulatory framework for information security and supply chain security in federal acquisitions. Its primary purpose is to ensure that government contracts incorporate robust security measures to protect sensitive information and mitigate supply chain risks. The part is organized into reserved subparts and a substantive subpart (40.2) that addresses security prohibitions and exclusions, including specific rules related to the procurement and operation of unmanned aircraft systems (UAS) from certain foreign entities. This structure signals a focus on both general and targeted security requirements, with detailed procedures, definitions, and contract clauses provided in the relevant subparts.
Key Rules
- Scope and Organization
  - FAR Part 40 covers information security and supply chain security requirements for federal contracts, with reserved subparts for future expansion and a substantive subpart on security prohibitions.
- Security Prohibitions and Exclusions (Subpart 40.2)
  - Establishes prohibitions on procuring and operating UAS from foreign entities covered by the American Security Drone Act, including definitions, applicability, exemptions, exceptions, waiver procedures, and required contract clauses.
Responsibilities
- Contracting Officers: Must ensure solicitations and contracts comply with security prohibitions and include required clauses.
- Contractors: Must avoid prohibited sources and comply with all security-related contract terms.
- Agencies: Oversee compliance, process exemptions/waivers, and enforce security requirements.
Practical Implications
- FAR Part 40 exists to safeguard federal information and supply chains from security threats, particularly those posed by foreign adversaries. Contractors must be vigilant about sourcing and operational restrictions, especially regarding UAS. Failure to comply can result in contract ineligibility or termination, making awareness and adherence to these rules critical for continued federal business.