What are the practical implications of Applicability?

* Contractors providing services or non-COTS products must ensure their information systems meet the basic safeguarding standards outlined in FAR 52.204-21. * Primes and subcontractors can only bypass these cybersecurity requirements if the procurement is strictly for COTS items as defined in FAR 2.101.

← All Free ToolsGo back to previous tools page

Explore More Tools →

section4.1902

Applicability

Overview

This section defines the scope of FAR Subpart 4.19, specifying that basic safeguarding requirements apply to any acquisition where a contractor's information system processes, stores, or transmits Federal contract information.

Key Rules

Broad Scope: The subpart applies to all federal acquisitions, regardless of the procurement method.
Commercial Inclusion: It specifically includes the acquisition of commercial products and commercial services.
COTS Exception: Acquisitions of Commercially Available Off-The-Shelf (COTS) items are explicitly excluded from these requirements.
Triggering Condition: The rules are triggered whenever a contractor's information system may contain Federal contract information (FCI).

Practical Implications

Contractors providing services or non-COTS products must ensure their information systems meet the basic safeguarding standards outlined in FAR 52.204-21.
Primes and subcontractors can only bypass these cybersecurity requirements if the procurement is strictly for COTS items as defined in FAR 2.101.

Need help?

Get FAR guidance, audit prep support, and proposal insights from the AudCor team.

Talk to an expert

← 4.1901 Definitions 4.1903 Contract clause →