What is FAR, and Who Does It Apply To?
FAR stands for the Federal Acquisition Regulation, which sets out the rules government agencies must follow when engaging private industry contractors with appropriated funds. FAR 52.204-21 specifically establishes a set of baseline cybersecurity standards that participating contractors will need to follow when working with U.S. government agencies.
FAR’s cybersecurity provisions apply to any information systems a contractor operates that stores, processes, or transmits federally-owned information. While this information doesn’t include basic transactional information or information that is publicly-accessible, it does cover all other non-public information that government agencies provide or generate under contracts for developing or delivering products and services. To protect this information, contractors are required to implement 15 basic safeguarding mechanisms, which include incorporating user and data access controls, authentication procedures, physical access controls, software and firmware updates, and data retention protocols.
How Does FAR Hosting Work?
Government contractors today must demonstrate they’re using adequate security controls in order to secure new projects with federal agencies. Using encrypted virtual cloud hosting to store government data can help. Our HIPAA and ePHI-compliant virtual cloud hosting platform, Abacus Private Cloud, can be configured to meet FAR standards and other cybersecurity requirements relevant to specific federal agency projects. This allows you to manage your data anywhere on any device while leveraging 2FA; 256-bit AES encryption; three layers of server, physical, and data security; and other FAR-compliant controls.
What Do I Need to Do to Audit and Maintain Compliance with the FAR?
Our hosting team can configure your cloud account to meet FAR data security standards. Additionally, we routinely use NIST and AICPA -approved auditing standards to analyze and report on the status of our security controls, and take proactive action to analyze and patch potential vulnerabilities.
Are there AbacusNext Clients Who are Compliant with FAR?
Yes! Contact us to learn how Abacus Private Cloud can help you achieve FAR compliance, and schedule a cybersecurity audit with us today to see whether your existing data security safeguards are up to speed.