View Rule

View EO 12866 Meetings Printer-Friendly Version     Download RIN Data in XML

GSA RIN: 3090-AJ84 Publication ID: Fall 2017 
Title: General Services Acquisition Regulation (GSAR); GSAR Case 2016-G511, Information and Information Systems Security 

GSA is proposing to update the General Services Administration Acquisition Regulation (GSAR) to update existing GSA cybersecurity requirements that did not previously go through the rulemaking process and integrate these updated requirements within the GSAR. Integrating these requirements into the GSAR will allow GSA to benefit from public comments received during the rulemaking process. The GSA cybersecurity requirements mandate contractors protect the confidentiality, integrity, and availability of unclassified GSA information and information systems from cybersecurity vulnerabilities,and threats in accordance with the Federal Information Security Modernization Act of 2014 and associated Federal cybersecurity requirements. This rule will require contracting officers to incorporate applicable GSA cybersecurity requirements within the statement of work to ensure compliance with Federal cybersecurity requirements and implement best practices for preventing cyber incidents. These GSA requirements mandate applicable controls and standards (e.g. U.S. National Institute of Standards and Technology, U.S. National Archive and Records Administration Controlled Unclassified Information standards).

Cybersecurity requirements for internal contractor systems, external contractor systems, cloud systems, and mobile systems will be covered by this rule. It will also update existing GSAR provision 552.239-70, Information Technology Security Plan and Security Authorization and GSAR clause 552.239-71, Security Requirements for Unclassified Information Technology Resources to only require the provision and clause when the contract will involve information or information systems connected to a GSA network.

Agency: General Services Administration(GSA)  Priority: Other Significant 
RIN Status: Previously published in the Unified Agenda Agenda Stage of Rulemaking: Proposed Rule Stage 
Major: No  Unfunded Mandates: No 
EO 13771 Designation: Other 
CFR Citation: 48 CFR 501    48 CFR 502    48 CFR 511    48 CFR 539    48 CFR 552   
Legal Authority: 40 U.S.C. 121(c)   
Legal Deadline:  None
Action Date FR Cite
NPRM  04/00/2018 
NPRM Comment Period End  06/00/2018 
Regulatory Flexibility Analysis Required: Yes  Government Levels Affected: Federal 
Small Entities Affected: Businesses, Governmental Jurisdictions  Federalism: No 
Included in the Regulatory Plan: No 
RIN Information URL:   Public Comment URL:  
RIN Data Printed in the FR: Yes 
Agency Contact:
Michelle Bohm
Contract Specialist
General Services Administration
100 S. Independence Mall W Room: 9th Floor,
Philadelphia, PA 19106-2320
Phone:215 446-4705