Skip to content
LexBuild

48 CFR § 40.000 - 40.000 Scope of part. 

---
identifier: "/us/cfr/t48/s40.000"
source: "ecfr"
legal_status: "authoritative_unofficial"
title: "48 CFR § 40.000 - 40.000   Scope of part."
title_number: 48
title_name: "Federal Acquisition Regulations System"
section_number: "40.000"
section_name: "40.000   Scope of part."
chapter_number: 1
chapter_name: "FEDERAL ACQUISITION REGULATION"
subchapter_number: "F"
subchapter_name: "SPECIAL CATEGORIES OF CONTRACTING"
part_number: "40"
part_name: "INFORMATION SECURITY AND SUPPLY CHAIN SECURITY"
positive_law: false
currency: "2026-04-05"
last_updated: "2026-04-05"
format_version: "1.1.0"
generator: "[email protected]"
authority: "40 U.S.C. 121(c); 10 U.S.C. chapter 4 and 10 U.S.C. chapter 137 legacy provisions (see 10 U.S.C. 3016); and 51 U.S.C. 20113."
regulatory_source: "89 FR 22605, Apr. 1, 2024, unless otherwise noted."
cfr_part: "40"
---

# 40.000 40.000   Scope of part.

(a) This part addresses broad security requirements that apply to acquisitions of products and services. It prescribes policies and procedures for managing information security and supply chain security when acquiring products and services that include, but are not limited to, information and communications technology (ICT).

(b) See part 39 for security-related policies and procedures that only apply to ICT.

(c) See parts 4, 24, and 46 for additional policies and procedures related to managing information security and supply chain security.

(d) Information and supply chain policies and procedures that are unrelated to security are covered in other parts of the FAR (*e.g.,* part 22 for labor and human trafficking risks and part 23 for climate-related risks).