FAR 39.101—Policy.
Plain-English Summary
FAR 39.101 is the core policy section for acquiring information technology and related technology-dependent products and services. It tells agencies and contracting officers what requirements must be built into IT acquisitions, including compliance with OMB Circular A-130, sustainable products and services requirements, power management and energy-efficiency features, and best practices for energy-efficient server and data center management. It also addresses financial management systems under OMB Circular A-127 and limits agencies to core financial management software certified by the Joint Financial Management Improvement Program. In addition, it requires agencies to include appropriate IT security policies and standards, Internet Protocol compliance requirements, and market-research-based acquisition strategies that account for rapid technology change and refreshment. The section also incorporates several government-wide procurement prohibitions and restrictions, including the ban on Kaspersky Lab products and services, restrictions on covered telecommunications equipment and services, the TikTok/covered application prohibition, FASCSA order-based prohibitions on covered articles and sources, and unmanned aircraft system prohibitions. In practice, this section is a compliance checkpoint: it forces agencies to screen IT buys for security, privacy, sustainability, interoperability, supply-chain risk, and statutory or executive-branch prohibitions before award or renewal.
Key Rules
Follow A-130 for IT needs
When acquiring information technology, agencies must identify requirements under OMB Circular A-130. That includes security of resources, privacy protection, national security and emergency preparedness, accessibility for individuals with disabilities, and energy efficiency.
Include sustainability requirements
IT acquisitions must consider the requirements for sustainable products and services under subpart 23.1. Agencies also must address power management and other energy-efficient or environmentally preferable features for electronic products, plus best management practices for servers and Federal data centers.
Use market research and refreshment
When developing an acquisition strategy, contracting officers should use market research and consider the fast-changing nature of IT. They should also plan for technology refreshment techniques so the solution does not become obsolete during performance.
Comply with financial systems policy
For financial management systems, agencies must follow OMB Circular A-127. They may acquire only core financial management software certified by the Joint Financial Management Improvement Program.
Build in security and standards
IT acquisitions must include appropriate security policies and requirements, including common security configurations available from NIST. Contracting officers should coordinate with the requiring official to ensure the right standards are incorporated.
Address Internet Protocol compliance
When acquiring IT using Internet Protocol, agencies must include the applicable IP compliance requirements in accordance with FAR 11.002(g). This ensures the acquisition aligns with required network and interoperability standards.
Exclude prohibited products and services
Contracting officers may not purchase hardware, software, or services developed or provided by Kaspersky Lab for Government use on or after October 1, 2018. Agencies also must comply with the separate prohibition on covered applications such as TikTok.
Apply telecom supply-chain restrictions
On and after August 13, 2019, contracting officers may not procure or obtain covered telecommunications equipment or services as a substantial or essential component, or as critical technology, unless an exception or waiver applies. On and after August 13, 2020, agencies may not contract with entities that use such equipment or services, even if the use is outside Federal contract performance, unless an exception or waiver applies.
Follow FASCSA order bans
Executive agencies are prohibited from procuring or obtaining covered articles, or products or services produced or provided by a source, including contractor use of covered articles or sources, when prohibited by an applicable FASCSA order issued by the designated national security officials.
Observe drone prohibitions
Executive agencies must comply with the prohibitions on unmanned aircraft systems, such as drones, under FAR 40.202. These restrictions must be checked before acquisition or contract extension.
Responsibilities
Contracting Officer
Identify and incorporate the required IT, security, sustainability, IP, and policy requirements into solicitations and contracts. Use market research, consider technology refreshment, consult with the requiring official on security standards, and ensure prohibited products, services, and entities are not procured or contracted with unless an exception or waiver applies.
Requiring Official / Program Office
Define the agency’s operational requirements and work with the contracting officer to ensure the correct security standards, configurations, and performance needs are included. Provide mission-specific information needed to support compliant acquisition planning.
Agency
Follow the applicable OMB circulars and FAR prohibitions, maintain acquisition policies that reflect sustainability, security, and supply-chain restrictions, and ensure agency-wide compliance with bans and waiver/exception processes.
IT Security / Information Assurance Personnel
Help identify and specify the appropriate security policies, common security configurations, and technical controls for the acquisition. Support the contracting officer in ensuring the solicitation and contract reflect current security requirements.
Financial Management Community
For financial management systems, ensure acquisitions comply with OMB Circular A-127 and that only JFMIP-certified core financial management software is acquired.
Contractor / Offeror
Avoid offering prohibited products, services, or sources; disclose relevant supply-chain information when required; and ensure proposed solutions comply with security, IP, sustainability, and other stated requirements.
Practical Implications
This section is a pre-award compliance filter, not just a policy statement. If the acquisition team misses one of these requirements, the agency can end up with an unusable, noncompliant, or prohibited product or service.
Technology buys need more than functional requirements. Contracting officers should think about cybersecurity, privacy, accessibility, energy use, refresh cycles, and data-center/server efficiency early in acquisition planning.
Supply-chain screening is essential. The Kaspersky, covered telecommunications, FASCSA, TikTok, and drone-related restrictions can bar award, renewal, or extension even when the product otherwise meets mission needs.
Financial systems acquisitions are especially constrained. Agencies cannot simply buy any software that looks suitable; they must verify A-127 compliance and JFMIP certification where required.
A common pitfall is failing to coordinate with the requiring official and security staff. The result is often a solicitation that omits required standards or a contract that later needs correction, waiver review, or termination.
Official Regulatory Text
(a) (1) In acquiring information technology, agencies shall identify their requirements pursuant to- (i) OMB Circular A-130, including consideration of security of resources, protection of privacy, national security and emergency preparedness, accessibility for individuals with disabilities, and energy efficiency; (ii) The requirements for sustainable products and services (as defined in 2.101 ) in accordance with subpart 23.1 ; (iii) Policies to enable power management and other energy-efficient or environmentally preferable features on all agency electronic products; and (iv) Best management practices for energy-efficient management of servers and Federal data centers. (2) When developing an acquisition strategy, contracting officers should consider the rapidly changing nature of information technology through market research (see part 10) and the application of technology refreshment techniques. (b) Agencies must follow OMB Circular A-127, Financial Management Systems, when acquiring financial management systems. Agencies may acquire only core financial management software certified by the Joint Financial Management Improvement Program. (c) In acquiring information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of Standards and Technology’s website at http://checklists.nist.gov . Agency contracting officers should consult with the requiring official to ensure the appropriate standards are incorporated. (d) When acquiring information technology using Internet Protocol, agencies must include the appropriate Internet Protocol compliance requirements in accordance with 11.002 (g). (e) Contracting officers shall not purchase any hardware, software, or services developed or provided by Kaspersky Lab that the Government will use on or after October 1, 2018. (See 4.2002 .) (f) (1) On or after August 13, 2019, contracting officers shall not procure or obtain, or extend or renew a contract to procure or obtain, any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system on or after August 13, 2019, unless an exception applies or a waiver is granted. (See subpart 4.21 .) (2) On or after August 13, 2020, agencies are prohibited from entering into a contract, or extending or renewing a contract, with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, unless an exception applies or a waiver is granted (see subpart 4.21 ). This prohibition applies to the use of covered telecommunications equipment or services, regardless of whether that use is in performance of work under a Federal contract. (g) See the prohibition in 4.2202 on the presence or use of a covered application (“TikTok”). (h) Executive agencies are prohibited from procuring or obtaining, or extending or renewing a contract to procure or obtain, any covered article, or any products or services produced or provided by a source, including contractor use of covered articles or sources, if prohibited from doing so by an applicable FASCSA order issued by the Director of National Intelligence, Secretary of Defense, or Secretary of Homeland Security (see 4.2303 ). (i) Executive agencies must comply with the prohibitions on unmanned aircraft systems (e.g., drones) in accordance with 40.202 .