Cybersecurity Compliance Deadline for Government Contractors

Website Provided by

Complying with cybersecurity when part of a government contract could lead to further difficulties if the company has not done so by the deadline explained in the contract for business. Security through computers, networks and electronics is important and may ensure the safety of information remains within the company and with the government agency attached to the contract.

Cybersecurity protects the company and the government or agency from hacking, disclosures of information and theft of data. While a true hacker may still penetrate the defenses, most others should be deterred through the hardware and software utilized together to protect the details contained within the company computers and servers. These files often have encrypted data and are necessary for business transactions. Many are secrets for processes or recipes to manufacture products. When the company is attached, the transactions may initiate between the company and government agency and another business that is
attached to the contract or that is attempting to purchase the product.

When a company has started a government contract, it is required to follow a Federal Acquisition Regulation or the FAR which details the cybersecurity needs as well as most other processes that necessitate compliance. The deadlines to incorporate the security needs must be adhered to, or the contractual agreement may be in breach. The FAR is in league with the Department of Defense, and these two have very strict needs for cybersecurity that must be followed completely. To fail to satisfy these needs, the company may lose the current and all future government contracts for product manufacture and distribution.

The FAR in the Contract

Contractors must agree to the contract between the company and the federal government agency involved in the deal before any business transactions may occur through these agreements. When the company reads over the documentation, the FAR is examined and understood. Even if a lawyer must be hired or retained to unravel any confusion, it is crucial that the owner is fully aware of the provisions in the FAR to include any deadlines for regulations, rules and laws that affect how the business may continue with the contractual obligations. The deadlines are usually contained in the paperwork, so any delays could cost the entire contract for the company.

Contained in the Federal Acquisition Regulation is the contract information supplied from the federal government to the company contracting with the agency. There are fifteen different requirements that must be satisfied to safeguard and protect the data transmitted between the two parties. The information is not for public release or disclosure. The product manufactured with this information is to be created and supplied through the service with the government, but these details are not to be provided to the consumer unless specifically needed based on the FAR or government agency. Payment details, descriptions of recipes and transaction information are all to remain confidential.

The Deadline and Specifics

For contracts that have been initiated in 2017, the deadline specified in the FAR is December 31st 2017. While the cybersecurity measures must be in effect on this date, these do not include internal information for the company. These measures are for any data that will be transmitted or received by the government agency. An increase in software and hardware is usually necessary due to the lack of protocols initiated by most companies in these matters. However, if the business has been using a higher end security for cyber attacks and to avoid hacking, it is possible few upgrades will be needed.

The data that needs protecting is the confidential and classified materials that are used to create the products, what has already been stored and archived with the government agency that should not be disclosed to the public as well as any unclassified but still important data that needs safeguarding. These materials are usually marked or identified by the FAR or within the contract document. Anything that may be collected, developed and created, received or transmitted, used or stored by the agency and what is provided for performance of activities with the contract all requires protection.

Legal Help with Cybersecurity in Government Contracts

If there are any legal complications, it is important to hire a lawyer. Legal representation may not help the company get out of a contract, but the lawyer may protect the owner from criminal or civil charges issued from the government agency when the deadline has passed and the security measures are not enforced in full. It is imperative that all measures are taken by the deadline if possible.


Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.

Find a Lawyer

Find a Local Lawyer