FAR Council Proposes Major Overhaul of CUI Regulations for Contractors

FAR Council Proposes Major Overhaul of CUI Regulations for Contractors

First seen 2 Jul 2026, 18:59 UTC SkaddenWiley.Law 76% similarity 39.9
Share:

Article Content

Browse articles
ThreatCluster

On June 23, 2026, the FAR Council proposed a rule to clarify contractor obligations regarding Controlled Unclassified Information (CUI) as part of a broader FAR overhaul. This rule mandates that contractors identify CUI in contracts using a new Standard Form and comply with NIST SP 800-171 cybersecurity requirements. The proposed changes aim to enhance clarity and guidance for contractors handling CUI, affecting a wide range of government contractors and their subcontractors. The public comment period for the proposed rule ends on July 23, 2026. Additionally, the FAR Council has removed certain obligations from a previous proposal, easing compliance for contractors. These changes are part of a government-wide effort to strengthen cybersecurity and supply chain security. The implications for contractors include potential loss of contract eligibility and exposure to False Claims Act liability for noncompliance.

Key Points: • FAR Council's proposed rule clarifies CUI obligations for contractors. • Contractors must use a new Standard Form to identify CUI in contracts. • Public comments on the proposed rule are due by July 23, 2026.

ThreatCluster AI

Timeline

2026-06-23
FAR Council proposed new CUI regulations
The FAR Council issued a proposed rule to clarify contractor obligations regarding Controlled Unclassified Information (CUI).
Wiley.Law
2026-06-29
Skadden reports on FAR CUI rule changes
Skadden highlighted the significant compliance changes for government contractors due to the proposed FAR CUI rule.
Skadden
2026-07-23
Public comment period ends
The deadline for public comments on the proposed CUI rule is set for July 23, 2026.
Wiley.Law

Community

Browse all →