VA Tightens Cyber Screws on Contractors: Standard Security Update
Published Date: 1/5/2026
Notice
Summary
The Department of Veterans Affairs is updating a contract rule about keeping information and computer systems safe. This affects companies working with the VA, who’ll need to follow new security steps and share some info. Comments on these changes are open until March 6, 2026, with no new costs expected, just smarter security.
Analyzed Economic Effects
3 provisions identified: 0 benefits, 3 costs, 0 mixed.
Must report VA data breaches
If you are a company that contracts with the VA and have access to VA information or information systems, the VAAR clause 852.204-71 requires you to report any known or suspected security or privacy incidents or data breaches related to VA information or systems. This rule comes from VA section 804.1970 and implements the Federal Information Security Modernization Act of 2014.
Notify VA when employees lose access
If you contract with the VA and your employee who had access to VA information is reassigned or terminated and no longer needs access, the VAAR clause 852.204-71 requires you to notify the VA. This is part of contractor general responsibilities under VA section 804.1970 to protect VA information and systems.
Paperwork burden estimate for contractors
The VA estimates the information collection (OMB Control No. 2900-0900) will cause 4,069 hours of annual burden in total, with an estimated 8,223 respondents and an average burden of 30 minutes per respondent. The frequency of response is listed as less than quarterly.
Your PRIA Score
Personalized for You
How does this regulation affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this federal register document and every other regulation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Key Dates
Department and Agencies
Related Federal Register Documents
2025-21242 — Extending Deadline for Debtor To Request a Waiver
The VA is giving veterans more time—up to one year instead of 180 days—to ask for a waiver on debts related to benefits. This change, effective January 26, 2026, helps reduce stress by giving veterans extra breathing room to handle their debt issues. It doesn’t cost veterans extra money but makes the process friendlier and fairer.
2025-18827 — Extension of Program of Comprehensive Assistance for Family Caregivers Eligibility for Legacy Participants and Legacy Applicants
The VA is giving family caregivers of veterans more time to stay in their special support program by extending the deadline from 2025 to 2028. This means caregivers and veterans who joined the program earlier (the legacy group) can keep getting help for three more years. No changes to money or benefits, just extra time to enjoy the support they deserve!
2025-14687 — Reproductive Health Services
The VA is planning to stop covering abortions and abortion counseling again, reversing a 2022 change. This affects veterans and their families who use VA and CHAMPVA health benefits. The change aims to focus VA services on what they consider essential care, with no new costs or timing details shared yet.
2026-06004 — Notice of Exception to Date of Receipt Rule
Because of a big Canadian postal strike from November 15 to December 17, 2024, mail to and from Canada was seriously delayed. To help veterans and claimants in Canada, the VA is making a temporary rule change so late mail won’t hurt their benefits or claims. This exception started after mail service fully resumed on January 6, 2025, making sure no one loses out because of the strike delays.
2026-05982 — Agency Information Collection Activity Under OMB Review: Application for High-Technology Veterans Education, Training and Skills (VET TEC 2.0) Program
The VA is rolling out a new application for the VET TEC 2.0 program, helping veterans get training in cool tech jobs outside traditional college paths. Veterans under 62 with at least 3 years of service can apply, and the program runs through September 2027. Comments on the application process are open until April 27, 2026, so now’s the time to weigh in!
2026-05740 — Agency Information Collection Activity: Department of Veterans Affairs Acquisition Regulation (VAAR)-Information Security and Privacy Contract Clauses
The Department of Veterans Affairs is updating rules to keep veterans' information safe when contractors work with their computer systems. These changes affect companies that provide IT services or develop and host VA information systems. Comments on these updates are open until April 24, 2026, and the goal is to make sure everyone handles data securely without adding extra costs.
Previous / Next Documents
Previous: 2025-24262 — Combined Notice of Filings
The Federal Energy Regulatory Commission got a bunch of new filings from natural gas pipeline companies about their rates and refunds. These filings include new negotiated rates and some housekeeping changes that mostly take effect in early 2026. If you’re involved with these pipelines or use their services, keep an eye out—comments on these changes are due by January 12, 2026, and some rate updates start as soon as January 1.
Next: 2025-24266 — Information Collection Requirements; Defense Federal Acquisition Regulation Supplement; Contractors Performing Private Security Functions Outside the United States
The Department of Defense is updating rules for companies that provide private security outside the U.S. These contractors must report certain security incidents more clearly, helping keep everyone safer. About 10 businesses will spend a little extra time on paperwork, with comments open until February 4, 2026.
Take It Personal
Get Your Personalized Policy View
Start a Free Government Policy Watch to see how policy affects your household, then upgrade to PRIA Full Coverage for year-round monitoring.
Already have an account? Sign in