The Department of Veterans Affairs (VA) is proposing to amend and update its VA Acquisition Regulation (VAAR) in phased increments to revise or remove any policy superseded by changes in the Federal Acquisition Regulation (FAR), to remove procedural guidance internal to VA into the VA Acquisition Manual (VAAM), and to incorporate any new agency specific regulations or policies. This rulemaking revises the VAAR by adding a part covering Acquisition of Information Technology and revising coverage concerning Other Contracts for Goods and Services involving mandatory information, privacy, and security requirements to include policy concerning VA Sensitive Personal Information, information security, and liquidated damages requirements for data breach in the following parts: Administrative and Information Matters; Describing Agency Needs; Protection of Privacy and Freedom of Information, as well as Acquisition of Commercial Items. It also revises affected parts concerning Definitions of Words and Terms, and Solicitation Provisions and Contract Clauses…”
Source: VA Acquisition Regulation: Acquisition of Information Technology; and Other Contracts for Goods and Services Involving Information, VA Sensitive Information, and Information Security; and Liquidated Damages Requirements for Data Breach – November 17, 2021. Federal Register.