Persistent and pervasive high-profile breaches of Federal information continue to demonstrate the need to ensure that information security protections are clearly, effectively, and consistently addressed in contracts. The final rule will apply to DHS contractors that require access to CUI, collect or maintain CUI on behalf of the US Government, or operate Federal information systems, which include contractor information systems operating on behalf of the agency, that collect, process, store, or transmit CUI.