8 Cybersecurity and Federal Government Contractors

Federal government contracting is a multibillion‐dollar industry in the United States. Companies provide a wide range of services to the federal government, ranging from information technology to janitorial services to management consulting. To the extent that any of these businesses exchange data with the federal government, they must comply with a wide range of cybersecurity laws and regulations.

In recent years, Congress and federal agencies have intensified their scrutiny of contractors' cybersecurity practices, in the aftermath of contractor Edward Snowden's leak of massive volumes of classified National Security Agency documents and the breach of millions of Americans' security clearance applications with the Office of Personnel Management. This chapter provides a broad overview of the laws and regulations that are most likely to affect the cybersecurity of government contractors.

In short, cybersecurity requirements for government contractors depend on the types of information they handle. All contractors that handle federal government information systems must comply with the recently overhauled Federal Information Security Management Act and adopt controls that are structured around the National Institute of Standards and Technology's Special Publication 800‐53, which sets baseline requirements for cybersecurity of government information. Contractors that handle classified information must comply with much more ...
