FAR 40—Reserved

Scope of part.

FAR 40.000 explains the scope of FAR part 40 and tells readers what kinds of security issues this part covers in federal acquisitions. It focuses on broad security requirements for acquiring products and services, including policies and procedures for managing information security and supply chain security, with express coverage of acquisitions involving information and communications technology (ICT) but not limited to ICT. The section also points readers to related FAR parts that handle adjacent or overlapping issues: part 39 for security-related policies and procedures that apply only to ICT, parts 4, 24, and 46 for additional information-security and supply-chain-security procedures, and other FAR parts for nonsecurity policy areas that may affect supply chains or information handling. In practice, this section matters because it helps contracting personnel and contractors identify which security rules belong in part 40, which are found elsewhere in the FAR, and which issues are outside the security framework altogether. That prevents gaps, duplication, and misapplication of requirements when drafting solicitations, evaluating offers, and administering contracts involving sensitive products, services, or supply chains.

Subpart 40.2