In addition to FAR 39.000, this part prescribes acquisition policies and procedures for use in acquiring information technology and information technology-related supplies, services and systems, including information security, to include—
- (a) Software management and development;
- (b) Section 508 standards and compliance for contracts;
- (c) Information security and incident response reporting;
- (d) Protection of data about individuals;
- (e) Cloud computing;
- (f) Technology modernization and upgrade/refreshment; and
- (g) Record management.