Start Free Trial
Home/Regulations/FAR / DFARS — Federal Acquisition Regulations — Regulatory Reference
Regulatory Reference
Public Sector Federal (US) high

FAR / DFARS — Federal Acquisition Regulations — Regulatory Reference

Contractor cybersecurity and data handling — access controls, encryption, and incident reporting for AI agents on government contracts.

Key Provisions
  • FAR Part 52 — solicitation provisions and contract clauses
  • DFARS 252.204-7012 — safeguarding CUI; cyber incident reporting (72 hours)
  • DFARS 252.204-7019 / 7020 — NIST SP 800-171 DoD assessment requirements
  • DFARS 252.204-7021 — CMMC requirements (phased)
How AutoPIL Enforces It
  • Audit chain supports 72-hour cyber incident reporting by surfacing AI exposure scope
  • CUI classified at HIGH sensitivity; covered defense information at CRITICAL
  • Agent registry supports contractor reporting on AI tools used in performance
Policy EngineAudit LogSensitivity LabelsAgent RegistryKey Scoping
AutoPIL Policy IDs
PS-DFARS-7012-00172-Hour Incident Report Audit Support
PS-DFARS-CMMC-001CMMC Evidence for AI Agents
Official Sources
https://www.acquisition.gov/farhttps://www.acquisition.gov/dfars

This page is a working reference and not a substitute for qualified legal review. Verify against official sources before use in compliance artifacts.

AutoPIL Governance Platform

Enforce this regulation today

AutoPIL intercepts every AI agent data access call, enforces your policy, and writes a tamper-evident audit record — before sensitive data enters the agent context window.

Start Free Trial View All Industries