The EO is broad in scope, addressing many of the challenges faced with securing information and operational technology systems. As the Federal Government continues to move closer to proactive threat management, there are various ways you can help prepare to implement changes:

• Keep abreast of proposed updates to the FAR (Federal Acquisition Regulation)
• Anticipate potential future solicitation refresh and/or mass modification or manual modification of contract language to reflect guidance from National Institute of Standards and Technology) NIST, Cybersecurity and Infrastructure Security Agency (CISA) and/or GSA
• Watch for GSA guidance and updates
• Attend training sessions as they become available

Draft FAR Case 2021-019, Standardizing Cybersecurity Requirements for Unclassified Federal 1 Information Systems, implements sections 2(i) and 8(b) of Executive Order 14028, Improving the Nation’s Cybersecurity, relating to standardizing common cybersecurity contractual requirements across Federal agencies for unclassified Federal information systems, pursuant to Department of Homeland Security recommendations. As of 06/23/2022 the resolved draft proposed FAR rule open issues were resolved and it is currently in FAR staff processing.

Draft FAR Case 2021-017, Cyber Threat and Incident Reporting and Information Sharing, implements sections 2(b)-(c), 2(g)(i), 8(b) of Executive Order 14028, Improving the Nation’s Cybersecurity, relating to sharing of information about cyber threats and incident information and reporting cyber incidents. As of 05/22/2022 the FAR staff notified Defense Acquisition Regulation (DAR) staff of Civilian Agency Acquisition Council (CAAC) differences from team report or Defense Acquisition Regulations Council (DARC) suggested changes. The DAR and FAR staff are resolving draft proposed FAR rule open issues.