48 CFR § 511.171

48 CFR · Federal Acquisition Regulations System

§ 511.171 — Requirements for GSA Information Systems.

48 CFR § 511.171

TitleTitle 48: Federal Acquisition Regulations System PartPart 511: Describing Agency Needs

SourceeCFR (current through Apr 2, 2026)

This text of 48 C.F.R. § 511.171 (Requirements for GSA Information Systems.) is published on Counsel Stack Legal Research, covering United States primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

48 C.F.R. § 511.171 (2026).

Text

511.171 Requirements for GSA Information Systems.

(a)CIO coordination. The contracting officer shall ensure the requirements office has coordinated and identified possible CIO policy inclusions with the GSA IT prior to publication of a Statement of Work, or equivalent as well as the Security Considerations section of the acquisition plan to determine if the CIO policies apply. The CIO policies and GSA IT points of contact are available on the Acquisition Portal at https://insite.gsa.gov/itprocurement.

(b)GSA requirements. For GSA procurements (contracts, actions, or orders) that may involve GSA Information Systems, excluding GSA's government-wide contracts (e.g., Federal Supply Schedules and Governmentwide Acquisition Contracts), the contracting officer shall incorporate the applicable

Free access — add to your briefcase to read the full text and ask questions with AI

511.171 Requirements for GSA Information Systems.

(a) CIO coordination. The contracting officer shall ensure the requirements office has coordinated and identified possible CIO policy inclusions with the GSA IT prior to publication of a Statement of Work, or equivalent as well as the Security Considerations section of the acquisition plan to determine if the CIO policies apply. The CIO policies and GSA IT points of contact are available on the Acquisition Portal at https://insite.gsa.gov/itprocurement.

(b) GSA requirements. For GSA procurements (contracts, actions, or orders) that may involve GSA Information Systems, excluding GSA's government-wide contracts (e.g., Federal Supply Schedules and Governmentwide Acquisition Contracts), the contracting officer shall incorporate the applicable sections of the following policies in the Statement of Work, or equivalent:

(1) CIO 09-48, IT Security Procedural Guide: Security and Privacy IT Acquisition Requirements; and

(2) CIO 12-2018, IT Policy Requirements Guide.

(c) Waivers. (1) In cases where it is not effective in terms of cost or time or where it is unreasonably burdensome to include CIO 09-48, IT Security Procedural Guide: Security and Privacy IT Acquisition Requirements or CIO 12-2018, IT Policy Requirements Guide in a contract or order, a waiver may be granted by the Acquisition Approving Official as identified in the thresholds listed at 507.103(b), the Information System Authorizing Official, and the GSA IT Approving Official.

(2) The waiver request must provide the following information—

(i) The description of the procurement and GSA Information Systems involved;

(ii) Identification of requirement requested for waiver;

(iii) Sufficient justification for why the requirement should be waived; and

(iv) Any residual risks posed by waiving the requirement.

(3) Waivers must be documented in the contract file.

(d) Classified information. For any procurements that may involve access to classified information or a classified information system, see subpart 504.4 for additional requirements.

[87 FR 7395, Feb. 9, 2022; 87 FR 8964, Feb. 17, 2022]