U.S. Government-Wide Regulations
U.S. Government Contractors are required to be aware of and comply with several existing and evolving federal regulations and requirements for cybersecurity. The references below highlight those that Parsons’ teammates and suppliers need to be aware of.
Presidential Executive Orders
- EO 13556 – Controlled Unclassified Information
- Final Rule on CUI
- CUI Registry, Training and Oversight
- EO 13636 – Improving Critical Infrastructure Cybersecurity
- Presidential Policy Directive (PPD) 21 – Critical Infrastructure Security and Resilience
- Department of Homeland Security: Strengthening the Security and Resilience of the Nation’s Critical Infrastructure
Federal Acquisition Regulations
- FAR Part 12 – Acquisition of Commercial Items
- FAR 52.204-21 – Basic Safeguarding of Contractor Information Systems: Effective May 16, 2016, this FAR added a new subpart and contract clause for the basic safeguarding of contractor information systems that process, store, or transmit Federal contract information. There are 15 safeguarding requirements and procedures. The clause does not relieve the contractor of any other specific safeguarding requirement.
- FAR 52.224-3 – Privacy Training: Effective January 19, 2017, federal contractors are required to meet training obligations to address the protection of privacy in accordance with the Privacy Act of 1974 and the handling and safeguarding of personally identifiable information (PII).
Critical Infrastructure Sector/Agency Specific
- Defense Sector: October 2016 Final Rule
- Energy Sector: Cybersecurity Framework Implementation Guidance
- Financial Sector: Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Awareness