FAR 52.204.21

What is it?

Federal Acquisition Regulation (FAR) 52.204.21 titled, “Basic Safeguarding of Covered Contractor Information Systems” governs Federal Contract Information (FCI) and lays out 15 controls organizations must implement to protect FCI from public disclosure.

Who does it apply to?

Contractors who do business with the Federal Government will be required to abide by this regulation. Anyone who receives or produces FCI from, or on behalf of the government is subject to this regulation.

What do you have to do about it?

Safeguarding FCI from public release is the goal of this regulation. You may have additional regulations depending on your exact situation. If you work for the Department of Defense, you will have to meet CMMC Level 1 requirements, as described in the Defense Federal Acquisition Regulation (DFARS) 252.204-7012 and 252.204-7021. Contractors dealing with CUI will have additional regulations and security control requirements. See CUI and NIST/CMMC Level 2 for more information.

How can we help?

Here at SherTech we will help you every step of the way. From Gap Assessments to identify inadequate controls, vulnerability scanning, risk management, System Security design and CMMC Level 1 implementation.