FAR 39.002—Definitions.
Plain-English Summary
FAR 39.002 provides the core definitions used in FAR Part 39, which governs the acquisition of information technology. This section defines two key terms: "modular contracting" and "national security system." The modular contracting definition explains the acquisition strategy of buying IT systems in successive, interoperable increments through one or more contracts, rather than as a single large buy. The national security system definition identifies the kinds of telecommunications and information systems that fall within a special category because of their connection to intelligence, cryptologic, military command and control, weapons systems, or mission-critical defense and intelligence functions. It also expressly excludes routine administrative and business systems such as payroll, finance, logistics, and personnel management. In practice, these definitions matter because they shape how agencies plan, structure, and justify IT acquisitions, and they determine when special security, mission, and acquisition considerations apply.
Key Rules
Modular contracting definition
Modular contracting means acquiring an information technology system in successive increments that are interoperable with one another. The key idea is that the government can break a large IT need into smaller, manageable pieces while still ensuring the pieces work together.
Successive contract increments
The definition contemplates using one or more contracts over time, not necessarily a single award. Each increment should deliver usable capability and fit into the overall system architecture.
National security system scope
A national security system includes telecommunications or information systems operated by the U.S. Government when their function, operation, or use involves intelligence activities, cryptologic activities related to national security, command and control of military forces, equipment integral to a weapon or weapons system, or systems critical to military or intelligence missions.
Routine business systems excluded
Systems used for ordinary administrative and business functions are not national security systems, even if they are government-operated. The regulation specifically excludes payroll, finance, logistics, and personnel management applications.
Interoperability matters
For modular contracting, the increments must be interoperable. This means agencies must plan for compatibility and integration from the start, rather than treating each increment as a standalone solution.
Responsibilities
Contracting Officer
Identify whether the acquisition is being structured as modular contracting and ensure the acquisition approach supports successive, interoperable increments. Also determine whether the system falls within the national security system definition so the correct acquisition and security considerations are applied.
Program/IT Requirement Owner
Define the system need in a way that supports incremental delivery and interoperability if modular contracting is used. Provide enough mission and technical information to determine whether the system is a national security system or a routine administrative system.
Agency
Plan IT acquisitions consistent with Part 39 definitions, including using modular contracting when appropriate and properly classifying systems that implicate national security. Ensure acquisition planning, architecture, and security policies align with the system’s category.
Contractor
Design and deliver IT solutions that can integrate with other increments when modular contracting is used. Understand and comply with any heightened security, mission, or integration requirements that flow from a system being treated as a national security system.
Practical Implications
Agencies cannot treat modular contracting as a vague buzzword; it requires real planning for incremental delivery and interoperability.
Misclassifying a system as a national security system can impose unnecessary controls, while failing to recognize one can create serious security and mission risk.
Routine back-office systems are expressly excluded from the national security system definition, so agencies should not over-apply the term to ordinary enterprise applications.
Contractors should expect more detailed interface, integration, and architecture requirements when an acquisition uses modular contracting.
The definition of national security system is broad enough to cover more than weapons themselves; systems supporting intelligence, cryptology, command and control, or mission-critical functions may qualify.
Official Regulatory Text
As used in this part- Modular contracting means use of one or more contracts to acquire information technology systems in successive, interoperable increments. National security system means any telecommunications or information system operated by the United States Government, the function, operation, or use of which- (1) Involves intelligence activities; (2) Involves cryptologic activities related to national security; (3) Involves command and control of military forces; (4) Involves equipment that is an integral part of a weapon or weapons system; or (5) Is critical to the direct fulfillment of military or intelligence missions. This does not include a system that is to be used for routine administrative and business applications, such as payroll, finance, logistics, and personnel management applications.