Federal acquisition rule sets 'baseline' for cybersecurity protections, with more to come

Federal acquisition rules released this week by the General Services Administration and the Defense Department are intended to establish a baseline for protecting contractor data systems as part of a broader process that will include additional requirements.

In its response to comments, the agencies defend the broad nature of the new rules, which deal with contractors' systems rather than data, as part of a longstanding Obama administration strategy for protecting controlled unclassified information.

“The intent is that the scope and...