In addition to FAR 39.000, this part prescribes acquisition policies and procedures for use in acquiring information technology and information technology-related supplies, services and systems, including information security, to include—
(a) Software management and development;
(b) Section 508 standards and compliance for contracts;
(c) Information security and incident response reporting;
(d) Protection of data about individuals;
(e) Cloud computing;
(f) Technology modernization and upgrade/refreshment; and
(g) Record management.
As used in this part—
Information means any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual (Committee on National Security Systems Instruction (CNSSI) 4009).
Information system means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information (44 U.S.C. 3502).
Media means physical devices or writing surfaces including, but not limited to, magnetic tapes, optical disks, magnetic disks, large-scale integration memory chips, and printouts onto which information is recorded, stored, or printed within an information system.