Wiley.Law
FAR Council Proposes Major Overhaul of CUI Regulations for Contractors
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On June 23, 2026, the FAR Council proposed a rule to clarify contractor obligations regarding Controlled Unclassified Information (CUI) as part of a broader FAR overhaul. This rule mandates that contractors identify CUI in contracts using a new Standard Form and comply with NIST SP 800-171 cybersecurity requirements. The proposed changes aim to enhance clarity and guidance for contractors handling CUI, affecting a wide range of government contractors and their subcontractors. The public comment period for the proposed rule ends on July 23, 2026. Additionally, the FAR Council has removed certain obligations from a previous proposal, easing compliance for contractors. These changes are part of a government-wide effort to strengthen cybersecurity and supply chain security. The implications for contractors include potential loss of contract eligibility and exposure to False Claims Act liability for noncompliance.
Key Points: • FAR Council's proposed rule clarifies CUI obligations for contractors. • Contractors must use a new Standard Form to identify CUI in contracts. • Public comments on the proposed rule are due by July 23, 2026.