StacksVerified U.S. regulatory reference

48 CFR §1239.000

Verified against eCFR.gov as of June 20, 2026View official text on eCFR.gov
In addition to FAR 39.000, this part prescribes acquisition policies and procedures for use in acquiring information technology and information technology-related supplies, services and systems, including information security, to include—
  1. (a)Software management and development;
  2. (b)Section 508 standards and compliance for contracts;
  3. (c)Information security and incident response reporting;
  4. (d)Protection of data about individuals;
  5. (e)Cloud computing;
  6. (f)Technology modernization and upgrade/refreshment; and
  7. (g)Record management.