For those who grew up gripping a joystick and dodging alien fire in Defender, riding ostriches through floating platforms in Joust, or crossing a hectic freeway in Frogger, winning wasn’t about memorizing rules; it was about adapting fast, reading the patterns, and leveling up. That same urgency now applies to federal information and communication technology (ICT) contractors. A sweeping overhaul of FAR Part 39 has just been released, and while it may not blink and beep like a cabinet in a darkened arcade, it’s just as demanding. There’s no attract mode here. The game has already started.
On June 12, 2025, the FAR Council issued a class deviation replacing the long-standing and somewhat outdated FAR Part 39 with a streamlined, modernized version focused on ICT. The federal government isn’t just swapping out a joystick; it’s rewriting the source code. This FAR 2.0 overhaul of Part 39 doesn’t merely revise a few clauses; it redefines the entire framework for how federal agencies procure modern technology. The transition from “information Technology” (IT) to “information and communication technology” reflects the centrality of tech to mission delivery. The focus has shifted from acquiring IT to enabling interconnected, secure, modular environments that respond dynamically to operational needs.
For contractors, the overhaul introduces both significant opportunities and meaningful risks. Faster acquisitions, tighter requirements, and modular expectations have eliminated the option of coasting through a long capture cycle like a casual game of Pole Position. This is Berzerk, and the walls are closing in.
So, what’s changed? Let’s drop that token and dive in.
From IT to ICT: No Longer Just Dodging Pixels
The previous version of FAR Part 39 was designed for an era when IT primarily meant servers, licenses, and help desks, a structure reminiscent of Q*bert, hopping around a simple, blocky design. Today’s landscape is vastly more complex. The new Part 39 broadens the field to encompass ICT, including artificial intelligence (AI) and machine learning platforms, edge devices, 5G infrastructure, internet of things sensors, and operational technologies.
This is no longer Galaga. It’s Robotron 2084, where threats and complexity come from every direction, demanding full situational awareness. To meet expectations, contractors must evolve offerings beyond static solutions. Agencies, taking cues from initiatives like the Department of Defense’s Software Fast Track (SWFT), now prioritize adaptable platforms, scalable components, and secure, integrated systems. Solutions that fail to align with this broader vision or, worse, lack interoperability risk being irrelevant in a high-stakes environment.
The Rulebook Is Shorter…and Less Forgiving
The revised Part 39 clears away outdated Office of Management and Budget circular references and anchors the rules directly in statutory authority, including 41 U.S.C. § 2308 (Modular contracting for information technology) and 29 U.S.C. § 794d (Electronic and information technology). While this streamlining enhances clarity, it also leaves less room for error. Noncompliant proposals will not be reviewed. The pace has quickened, akin to Space Invaders in its final rounds, with no time to hide behind diminishing barricades. Contractors unfamiliar with the path risk being overwhelmed.
Modular Contracting: No More One-Life Final Boss Runs
Modular contracting is now a core mechanic of FAR Part 39. In the past, agencies could issue sprawling, multiyear contracts in a single solicitation, comparable to rescuing Pauline from Donkey Kong in one long climb. That approach is now off the table. The new rule requires modular acquisitions to the maximum extent possible, with deliverables broken into manageable components completed within 18 months or less after the solicitation was issued. This aligns with 41 U.S.C. § 2308 and the government’s pivot toward agile development and incremental modernization.
This shift goes beyond terminology. Contractors must now rethink how work is scoped, priced, and executed. Instead of building an entire maze, as in Pac-Man, the task is to create each pellet track by track, ensuring seamless integration. Success depends on demonstrating how each module contributes to a flexible, evolving architecture. Agile development is no longer a token buzz phrase but requires real implementation in order to avoid contractual consequences. Pricing, risk management, and delivery must all operate in iterative, responsive cycles. Clinging to legacy approaches is likely to result in proposals crushed by the next flaming barrel.
Shared Risk: No Longer a Solo Campaign
Another major shift is the elevation of shared risk management. Under the legacy FAR Part 39, risk was often treated as a secondary concern, largely internal to the agency. Contractors operated in parallel, rarely integrated into risk strategy. The new framework changes that dynamic entirely. Risk is now embedded in every phase of the acquisition life cycle.
Section 39.101 requires full acquisition teams—contracting, technical, and program stakeholders—to assess and plan for risk before solicitations are issued. Section 39.103 extends that responsibility after an award by imposing a strong preference that tethers contractor performance to performance-based metrics. Clause 52.239-1, which in the past was narrowly focused on privacy and inconsistently applied, has been retired.
This change is especially critical in the context of modular contracting. Each module becomes a vehicle for risk mitigation, enabling incremental development and adjustment. The game has shifted from a long, linear mission like Donkey Kong Jr. to a strategic, adaptive series of levels, each requiring fresh tactics and risk responses. There’s no pause, no invincibility cheat. Risk is a co-op mission, and success demands both hands on the controls.
Accessibility: Complete This Level to Advance
Accessibility, once an afterthought in many procurements, now stands as a baseline requirement. Every ICT product or service must comply with Section 508 unless a documented, approved exemption is obtained. Even then, alternative access methods must be provided. There are no shortcuts. Like Dig Dug, it requires digging through every detail.
Success on this front involves maintaining accurate voluntary product accessibility templates (VPATs), integrating accessibility testing into development cycles, offering clear remediation plans, and validating user experience across assistive technologies. Claims of inclusion must be backed by demonstrable, verifiable action.
Cybersecurity: Always Under Attack
Cybersecurity has moved from the margins to the core. Clause 52.239-1 has been retired, with cybersecurity requirements now governed by FAR 4.19 and 52.204-21. The removal of the old clause marks a shift from passive enforcement to mandatory compliance. Previously, security expectations were scattered and often vague, like an unclaimed bonus round in Gauntlet. Now, FAR 52.204-21 functions as the default system loadout for any contractor managing federal contract information.
This upgrade demands real, operational defenses. Contractors operating in this environment must ensure systems are hardened, patched, and ready to defend against persistent threats. The controls are tighter, the enemies faster, and the stakes higher—more Galaxian than Asteroids Deluxe.
Accelerated Procurement Cycles: No Extra Lives
Federal ICT acquisition has entered a high-speed mode. The combined updates to FAR Part 39 and FAR Part 10 have created a tempo shift. Agencies are issuing modular buys and task orders with Tapper-like speed. Under FAR 39.102, short, iterative procurements have become the norm. Deliverables are expected within tight time frames, often under 18 months from solicitation issuance, leaving little time for traditional preparation cycles.
Revised FAR Part 10 reinforces this urgency by allowing agencies broad discretion in conducting market research. Per FAR 10.001(b), agencies must perform research “appropriate to the circumstances” without being bound to tools like requests for information or draft requests for proposals (RFPs). When purchasing through vehicles like General Services Administration schedules, blanket purchase agreements, or governmentwide acquisition contracts, procurements can happen with minimal public notice. Contractors not already positioned on these vehicles may find themselves excluded from the entire opportunity pipeline.
This new rhythm resembles Centipede, with rapid movement, decentralized threats, and compressed decision windows. The traditional model of waiting for a draft RFP and responding within 90 days is increasingly obsolete. Firms must remain vigilant, maintain readiness, and foster ongoing engagement with their agencies to stay competitive.
Final Boss Strategy: Training, Readiness, and Precision Execution
Winning in this environment demands strategy. First, teams must be trained across business development, engineering, and proposal functions and in modularity, risk management, accessibility, and security. Second, the proposal infrastructure must be updated to include compliance artifacts, sprint plans, key performance indicators, and risk registers. Third, internal systems should be audited for Cybersecurity Maturity Model Certification alignment, VPAT accuracy, and reporting capability. Fourth, continuous monitoring is essential; deviations must be tracked, RFPs anticipated, and agency signals followed.
In this new landscape, firms focused on narrow-scope tools or stand-alone software are playing a 4-bit game in a 4K world. Agencies now expect holistic, modular, and integrated ecosystems—AI plug-ins, edge computing, centralized data control, and smart sensors communicating with secure clouds. There’s no faking it. This is Tempest 4000, not Pong.
[View source.]
