Cybersecurity programs and policy
We manage many IT security programs, and help agencies implement IT policy that enhances the safety and resiliency of the government’s systems and networks.
Featured announcements
Implementation of Federal Acquisition Supply Chain Security Act orders
- The Federal Register published this interim rule effective December 4, 2023. The rule applies prospectively, and when a contracting officer modifies an existing contract to include the new clause.
- This message to our industry partners [PDF - 408 KB] includes a quick guide on our implementation plan.
- There are currently no outstanding FASCSA orders that need to be implemented.
- Most FASCSA orders will be viewable on SAM.gov. There are currently no FASCSA orders to view on SAM.gov. To learn how to download the FASCSA orders file, watch this training video or read this knowledge article.
- FAR case 2020-011 implements section 1323 of the SECURE Technology Act, which created the Federal Acquisition Security Council and authorized the Secretary of Homeland Security, the Secretary of Defense, and the Director of National Intelligence to issue removal orders and exclusion orders.
- Have questions about FASC operations? Email fasc.pmo@omb.eop.gov.
Partial implementation of Executive Order 14028
- The Federal Register published two proposed cybersecurity FAR rules.
- Cyber Threat Incident Reporting and Information Sharing: FAR case 2021-017 is proposed to amend the FAR to increase information sharing about cyber threats and incidents between the government and information technology and operational technology service providers.
- Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems: FAR case 2021-019 is proposed to amend the FAR to standardize cybersecurity contractual requirements across federal agencies for unclassified federal information systems.
Implementation of the No TikTok on Government Devices Act
- FAR 52.204-27, established by a FAR interim rule on June 2, prohibits the presence or use of TikTok as well as any successor application or service developed by ByteDance Limited or an entity owned by ByteDance Limited on executive agency IT, including certain equipment used by federal contractors.
- This clause is included in solicitations issued and awards made on or after June 2. Existing indefinite delivery vehicles had the clause added via modification by July 3.
- All other contracts and orders will have the clause added if a modification is executed to extend the period of performance.
Policy webinars
Our Office of Policy and Compliance holds quarterly industry engagements to share information and plan for the future. Recent webinars you can watch include:
- Final FY24 policy landscape webinar: Sept. 2024
- FY24 policy landscape webinar three: June 2024
- FY24 policy landscape webinar two: March 2024
Search “policy landscape webinar” on Interact to see all posts about our webinars.
Links to helpful cybersecurity program info
Identity, Credential, and Access Management
- Federal Identity, Credential and Access Management, or FICAM Program — Guidance to help federal agencies implement security practices that enable the right individual to access the right resource, at the right time, for the right reason.
- IDManagement.gov — Read about the FICAM program management office, access multiple playbooks, and get info specific to acquisition professionals.
- USAccess Program — Shared service that provides civilian agencies with badging solutions.
- Login.gov — Easy and secure access to government services online.
- Identity, Credential, and Access Management for our program offices.
National Institute of Standards and Technology
Domains and web hosting
- get.gov — Learn how you can get a .gov domain
- Pages — Access a publishing platform for modern, user-centered websites
Cloud
- Federal Risk and Authorization Management Program — Explore FedRAMP, a standardized government approach to security authorizations for cloud service offerings
- Cloud.gov — Read about why you should consider using cloud.gov to host and update websites, APIs, and other applications
Links to relevant cybersecurity policies and requirements for federal agencies
Federal Information Security Modernization Act of 2014 (FISMA 2014) — Public Law No: 113-283
- White House Office of Management and Budget Circulars
- OMB Circular No. A-130: Managing information as a strategic resource
If you want | Search for |
---|---|
OMB Memoranda | |
Presidential Executive Orders | |
Presidential Policy Directives | |
Homeland Security Presidential Directives | HSPD 20, National Continuity Policy |
Federal Emergency Management Agency Directives | Federal Continuity Directive 1, Federal Executive Branch National Continuity Program and Requirements |
NIST standards
- NIST Computer Security Resource Center — Find standards, guidelines, recommendations, and research on the security and privacy of information and information systems
- Federal Information Processing Standards — Security standards
- Special Publications 800 — Computer security
- Special Publications 1800 — Cybersecurity practice guides
Last updated: Sep 30, 2024