On May 16, 2016, the Department of Defense (DoD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) issued a Final Rule to add a new subpart and contract clause (52.204-21) to the Federal Acquisition Regulation (FAR) “for the basic safeguarding of contractor information systems that process, store, or transmit Federal contract information.” See 81 Fed. Reg. 30439 (May 16, 2016). The Rule imposes a set of fifteen “basic” security controls for contractor information systems upon which “Federal contract information” transits or resides. The Final Rule does not relieve obligations that a contractor may face for the safeguarding of other government information, including controlled unclassified information or covered defense information. Indeed, the Final Rule is only the first step in a number of interrelated regulatory actions being taken in the cybersecurity area. Based on its scope, the vast majority of federal contractors will be covered by this Final Rule once they accept the new FAR clause. Please see our in-depth analysis here