On March 20, 2024, USAID published the “Security and Information Technology Requirements” final rule in the Federal Register. This final rule incorporates feedback from public comments in response to its predecessor proposed rule. The final rule includes a summary of comments received from the public, USAID’s responses, and changes made to the clauses as a result. This final rule is effective May 20, 2024. In the interim, USAID is developing updates to its internal procedures, including related content found in AAPD 16-02.
USAID determined that two clauses from the proposed rule are no longer required and were removed from the final rule. As such, these two specific clauses identified below – whose full text can be found in the proposed rule – shall no longer be included in new solicitations or contracts, or enforced under existing contracts:
- “Software License” (May 2016)
- “Skills and Certification Requirements for Privacy and Security Staff” (Apr 2018)
Individual contractors, at their discretion, may make a request to their cognizant Contracting Officer (CO) to remove the above clauses via modification to the contract. Otherwise, for contracts that contain these clauses, USAID will take no action to enforce these two clauses.
For any questions about this letter, please contact your cognizant CO. A copy of this letter has been posted on USAID’s Implementing Partner Notice portal as Notice #22.