Details about FAR Title 32 CFR Part 2002
The requirements and security controls of FAR Title 32 CFR Part 2002 have been determined over time to provide the necessary protection for federal information and systems that are covered under The Federal Information Security Modernization Act (FISMA) of 2014 requires federal agencies to identify and provide information security protections commensurate with the risk resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information collected or maintained by or on behalf of an agency; or information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency. This publication focuses on protecting the confidentiality of Controlled Unclassified Information (CUI) in nonfederal systems and organizations, and recommends specific security requirements to achieve that objective. It does not change the information security requirements set forth in FISMA, nor does it alter the responsibility of federal agencies to comply with the full provisions of the statute, the policies established by OMB, and the supporting security standards and guidelines developed by NIST.
We are a federal contractor, but we don’t have any Department of Defense (DoD) contracts. What does FAR Title 32 CFR 2002 mean to me?
If you are a Federal Contractor that has signed a contract containing this clause, your company is likely already required to meet these controls. Additionally, if you are not currently meeting them, you may be at risk of contract default. There are only 16 controls, so this isn’t too difficult or expensive, but you will almost certainly have to change procedures and policies, likely incurring some level of capital expenditures to replace or upgrade computers, network equipment, applications, or email systems. Our employees are experienced helping companies like you meet these requirements with minimal impact to your workflow and budget.