j1of1

In another step in a series to strengthen protection of information systems DoD on 16 May 2016 added a new FAR subpart 4.19 and contract clause 52.204-21 for the "Basic Safeguarding of Covered Contractor Information Systems." The focus of this new rule is on the safeguarding of contractor information SYSTEMS that are owned or operated by a contractor that processes, stores or transmits Federal contract information. Previous cybersecurity guidance (DFARS) was released - and is still in effect - regarding protecting information. This new rule pertaining to information SYSTEMS becomes effective this month (June, 2016) for new contracts or when the contractor accepts the clause. There is a FLOWDOWN requirement. Contractors must flow down the requirement to safeguard information systems to subcontracts at all tiers under the effected contract in which "the subcontractor may have Federal information residing in or transiting through its information system." My question: Is the flow-down requirement applicable to foreign contractors and ITAR data that has been shared through State?