On July 13, 2026, the Department of Defense (DoD) announced the immediate suspension of the Cybersecurity Maturity Model Certification (CMMC) Phase 2, which had been scheduled to take effect on November 10, 2026. Phase 2 would have made third-party assessment organization (C3PAO) certification at CMMC Level 2 a condition of award for applicable contracts involving controlled unclassified information (CUI). The suspension is broader than the headline suggests. Phases 3 and 4 and all future implementation milestones are frozen until further notice.

Before you pause your compliance spend, ask the right questions:

  • With no third-party assessor, whose signature now carries the legal risk? Yours.
  • Does your prime contract care what the Pentagon announced? No, and it still binds you.
  • That gap assessment in your files documenting your shortfalls? It did not evaporate.
  • Why a memo instead of a regulation? Because a memo can be reversed just as fast.

A new CMMC Reform Task Force, reporting to the DoD Chief Information Officer (CIO), will review the program and report within 60 days, drawing on responses to a public request for information due August 14, 2026. DoD’s CIO stated that Small Business Administration data suggest future CMMC phases could cost small and midsize businesses more than $7 billion annually. Expectations are also misaligned due to an assessor shortage, with more than 100,000 companies needing assessments and roughly 100 authorized C3PAOs. Officials declined to rule out ending the program entirely, and the Cyber AB was not told before the announcement.

Continue Reading DoD Suspends CMMC Phase 2. What Happened, What It Means, and What Nobody Is Telling You

Peak summer travel season has jet fuel moving by the millions of gallons, so there is a certain irony in a fuel-supply dispute that turned on an email no one at the agency ever opened. A contractor sent its proposal a day early, got an automated message saying the email was delivered, and lost the competition anyway. The agency never saw the bid. That is the short version of Rick Aviation, Inc. v. United States, No. 25-1604 (Fed. Cl. June 17, 2026), a post-award protest recently decided at the Court of Federal Claims. The opinion is a useful—and painful—refresher on what “received” actually means under the Federal Acquisition Regulation and on how little sympathy a court will extend when the offeror caused the problem.

Continue Reading Grounded Before Takeoff: A Cautionary Tale on the “Late-Is-Late” Rule

On June 11, 2026, the Small Business Administration (SBA) issued a much-anticipated proposed rule aimed at overhauling the 8(a) Business Development Program. More specifically, the proposed rule, entitled “Reforms To Remove SBA’s 8(a) Program’s Rebuttable Presumption of Social Disadvantage” and codified at 91 Fed. Reg. 35433, would significantly alter how “social disadvantage” is established for purposes of 8(a) eligibility.

To a certain extent, this rule simply codifies changes that are already in effect (in practice, if not yet reflected in the regulations) as a result of the now-infamous case Ultima Servs. Corp. v. U.S. Dep’t of Agric., which enjoined the SBA from using the rebuttable presumption of social disadvantage for certain racial or ethnic classes. However, the new proposed rule goes further than that. It not only proposes an entirely new test for social disadvantage but would also allow impacts from “unlawful” DEI programs or policies (including the old 8(a) program itself!) to serve as a basis to establish social disadvantage under that new test. Without a doubt, this proposed change will have significant impacts going forward.

To fully understand the proposed changes, and their potential impact, context is critical. To that end, we break down the history and specifics of the new rule. For more information, click here.

In December 2025, Section 1826 of the FY 2026 NDAA created one of the most valuable classifications in defense contracting and most companies that qualify don’t know it yet. Qualify as a “nontraditional defense contractor” and you’re exempt from certified cost or pricing data, FAR Part 31, and the entire DFARS business-systems architecture. The kicker? Even some of the largest, most established defense firms qualify by regulatory construction. Alex Major and Franklin Turner map the four “species” of NDC now roaming the field and explain why the contractors documenting their positions today are writing the precedent everyone else will live under in this featured comment published in The Government Contractor.

McCarter & English’s Government Contracts practice has once again ranked Band 1 nationally by Chambers USA for 2026. Partner Alex Major is ranked Band 1 Nationwide: Government Contracts-Cybersecurity, and both Major and partner Franklin Turner are ranked nationwide for Government Contacts.

Continue Reading Chambers USA Ranks McCarter’s Government Contracts Practice Band 1 Nationwide for 2026; Partners Turner and Major Also Ranked

Why a clean name-match screen is no longer enough, and why the diligence meant to find hidden China exposure can create risk on the other side of the Pacific.

Picture the boardwalk version of supply-chain compliance. It’s August. Fingers are that odd combination of french fry-greasy and ice cream-sticky The arcade is humming. Someone hands you the mallet. The first mole pops up with a familiar name: Huawei. Easy. Then SMIC. Fine. Then a listed Chinese military company. Also easy. You swing, you hit the obvious targets, and for a moment the game looks like it’s under control.

Then the real game starts.

Continue Reading China Supply Chain Compliance Is Becoming Whack-a-Mole

What Federal Contractors Should Be Watching This Summer

Summer 2026 has arrived with a new wave of artificial intelligence (AI) policy from the White House. On June 2, 2026, President Trump signed an Executive Order titled “Promoting Advanced Artificial Intelligence Innovation and Security” (the Order). The Order directs federal agencies—on aggressive 30‑ and 60‑day timelines, with key deliverables due by July 2, 2026 and August 1, 2026—to harden federal information systems with AI‑enabled defenses, establish a voluntary framework for pre‑release federal access to so‑called “covered frontier models,” and prioritize criminal enforcement against malicious AI‑enabled cyber activity. Although the Order is framed as innovation‑and‑security policy and expressly disclaims any “mandatory governmental licensing, preclearance, or permitting requirement” for new AI models, it will have immediate operational consequences for federal information‑technology and cyber contractors, AI developers, critical‑infrastructure operators, and their service providers.

Continue Reading AI Heats Up: New Executive Order on Promoting Advanced Artificial Intelligence Innovation and Security

In a sharply worded order issued May 18, 2026, the Office of Hearings and Appeals (OHA) of the US Small Business Administration (SBA) remanded the agency’s suspension of ATI Government Solutions, LLC, from the 8(a) Business Development (BD) Program, finding the administrative record so deficient that it could not meaningfully review whether the suspension rested on adequate evidence. The case is Matter of ATI Government Solutions, LLC, SBA No. BDPT-728 (2026), and the decision is a forceful reaffirmation of two bedrock principles of administrative law in the 8(a) suspension context: An agency must articulate its reasoning at the time it acts, and the record it submits on appeal must actually contain the materials the decision-maker relied on. It also arrives at a uniquely fraught moment for 8(a) firms—and ATI, a tribally owned participant suspended on the strength of a hidden-camera video, illustrates exactly the kind of fast, thinly supported enforcement action that seems to have become business as usual for the SBA in recent months.

Continue Reading OHA Remands 8(a) Suspension Built on Hidden-Camera Video

Given the slew of Executive Orders (EOs) last year focusing on diversity, equity, and inclusion (DEI) and roiling the funding and operations of recipients of federal financial assistance such as universities and nonprofits, recipients may be forgiven for passing over EO 14398, dated March 26, 2026. As we’ve been covering (here and here), EO 14398 marks a second phase of the administration’s focus on “racially discriminatory DEI activities.” Where EOs from 2025 focused on broad policy shifts and internal agency operations, 2026 EOs seek prospective operationalization of the administration’s policy preferences by baking restrictions on DEI activities into federal contracts.

Continue Reading Recipients of Federal Financial Assistance Can Look to the New DEI Clause to Prepare for Potential Increased Scrutiny of Their Own Awards

The Department of Defense’s proposed rule implementing Section 847 of the FY 2020 NDAA could fundamentally reshape how foreign ownership, control, or influence (FOCI) is monitored across the defense industrial base. Through proposed DFARS Part 240, the rule would extend recurring FOCI disclosure, National Industrial Security System (NISS) reporting, and Defense Counterintelligence and Security Agency (DCSA) oversight far beyond the traditional facility-clearance context and into ordinary government contracting. For foreign-owned contractors, allied-country suppliers, private equity sponsors, and federal subcontractors, the proposal signals the emergence of a permanent compliance regime built around continuous visibility rather than one-time vetting.

Friends, Romans, contractors, lend me your ears;
I come to disclose your owners, not to debar them.
The FOCI that contractors do is oft assessed;
The clearances are oft interred with their bones.
So let it be with allies. The honorable rule
Hath told you that we treat all foreigners alike;
If it be so, it is a grievous form,
And grievously hath the SF-328 answered it.

The speech may be a little ridiculous, but in its way, it’s also a little accurate. The proposed DFARS rule implementing Section 847 of the FY 2020 NDAA is not unkind to allies. It is, as was Mark Antony, scrupulously polite to them, right up to the moment it asks them to register as suspects.

Continue Reading Section 847 and the New Era of DOD Continuous FOCI Monitoring