|GSA||RIN: 3090-AJ84||Publication ID: Fall 2019|
|Title: General Services Acquisition Regulation (GSAR); GSAR Case 2016-G511, Contract Requirements for GSA Information Systems|
The General Services Administration (GSA) is proposing to amend the General Services Administration Acquisition Regulation (GSAR) to streamline and update requirements for contracts that involve GSA information systems. GSA's unique policies on cybersecurity and other information technology requirements have been previously communicated through other means. By incorporating these requirements into the GSAR, the GSAR will provide centralized guidance to ensure consistent application across the organization. Integrating these requirements into the GSAR will also allow industry to provide public comments through the rulemaking process.
GSA's cybersecurity requirements mandate that contractors protect the confidentiality, integrity, and availability of unclassified GSA information and information systems from cybersecurity vulnerabilities and threats, in accordance with the Federal Information Security Modernization Act of 2014 and associated Federal cybersecurity requirements. This rule will require contracting officers to incorporate applicable GSA cybersecurity requirements within the statement of work to ensure compliance with Federal cybersecurity requirements and implement best practices for preventing cyber incidents. These GSA requirements mandate applicable controls and standards (e.g., U.S. National Institute of Standards and Technology, U.S. National Archives and Records Administration Controlled Unclassified Information standards).
Contract requirements for internal information systems, external contractor systems, cloud systems, and mobile systems will be covered by this rule. This rule will also update existing GSAR provision 552.239-70, Information Technology Security Plan and Security Authorization, and GSAR clause 552.239-71, Security Requirements for Unclassified Information Technology Resources, to only require the provision and clause when the contract will involve information or information systems connected to a GSA network.
|Agency: General Services Administration (GSA)||Priority: Other Significant|
|RIN Status: Previously published in the Unified Agenda||Agenda Stage of Rulemaking: Proposed Rule Stage|
|Major: No||Unfunded Mandates: No|
|EO 13771 Designation: Other|
|CFR Citation: 48 CFR 501 48 CFR 502 48 CFR 511 48 CFR 539 48 CFR 552|
|Legal Authority: 40 U.S.C. 121(c)|
|Regulatory Flexibility Analysis Required: Yes||Government Levels Affected: Federal|
|Small Entities Affected: Businesses||Federalism: No|
|Included in the Regulatory Plan: No|
|RIN Information URL: www.regulations.gov||Public Comment URL: www.regulations.gov|
|RIN Data Printed in the FR: Yes|
General Services Administration
1800 F Street, NW,
Washington, DC 20405