The FY2026 National Defense Authorization Act (NDAA) became law on December 18, 2025, enacting a tidal wave of the Trump administration’s priorities with respect to Department of Defense (DoD) procurement. One key priority reflected in the NDAA is reducing compliance burdens so that (i) established DoD contractors are incentivized to pursue awards and (ii) more companies opt in to being a DoD contractor to grow the industrial base. Importantly, Section 1804 and Section 1806 of the NDAA take action on this priority by raising the dollar thresholds for complex domains of government contracting: the Cost Accounting Standards (CAS) and submission of certified cost or pricing data. While these changes are welcome developments, companies should be cognizant that a steady stream of compliance requirements remains even with these increased thresholds.
Continue Reading: Swept Away: FY2026 NDAA Updates to CAS and Certified Cost or Pricing Data Thresholds

On December 18, 2025, the Fiscal Year 2026 National Defense Authorization Act (FY2026 NDAA) became law. True to each year’s NDAA being a sprawling piece of legislation, the FY2026 NDAA contains many priorities of the current Administration. Nestled among its myriad provisions, federal grant recipients should take note of Section 230, the “Prohibition on Modification of Indirect Cost Rates for Institutions of Higher Education and Nonprofit Organization.” This section provides a speed bump for rapid changes to indirect cost rates for Department of Defense grantees and reflects congressional sympathy to grantee concerns, particularly those of institutes of higher education (IHEs).
Continue Reading: College Prep: What Colleges with DoD Grants Should Do Now Under the FY2026 NDAA

Drumroll, please. On November 7, 2025, the Department of Defense (DoD) released three memoranda signaling changes to its approach to procurement and Foreign Military Sales/Direct Commercial Sales in the years to come: “Unifying the Department’s Arms Transfer and Security Cooperation Enterprise to Improve Efficiency and Enable Burden-Sharing”; “Reforming the Joint Requirements Process to Accelerate Fielding of Warfighting Capabilities”; and “Transforming the Defense Acquisition System into the Warfighting Acquisition System to Accelerate Fielding of Urgently Needed Capabilities to Our Warriors.” The latter memorandum appends the DoD’s Acquisition Transformation Strategy (the Strategy), which is aimed at dramatically reforming how the DoD’s acquisition system operates with an eye toward increasing the speed and flexibility of DoD procurements and the acquisition workforce. This document begins the march toward sunsetting the existing Defense Acquisition System in favor of what is envisioned to be a more rapid and effective system designed to provide the DoD with the capabilities it needs to meet its mission requirements.
Continue Reading: The Drumbeat of Progress: DOD’s Acquisition Transformation Strategy

Here we are again. With federal funding for fiscal year 2025 lapsed, all government contractors now face potential stop work orders and financial disruptions. Below are key considerations and steps to mitigate potential risk and maximize cost recovery:
Continue Reading: Key Steps for Government Contractors During the Federal Shutdown

The DoD has finally crossed the CMMC finish line, but for contractors, the race is just beginning. With the Final Rule effective Nov. 10, award eligibility will hinge on a “current” CMMC status in SPRS, backed by annual affirmations and strict compliance. The next two months are critical for getting race-ready. In this Featured Comment

On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed that contractors must continue complying with Revision 2 thanks to a previously issued class deviation. What does this mean in plain terms? The DoD is slowly pulling back the curtain on the next major shift in cybersecurity compliance. Still, the full prestige hasn’t happened yet.
Continue Reading: The “Prestige”: DoD Unveils NIST SP 800-171 Revision 3, Organizationally Defined Parameters

In Part I of this series we introduced readers to what Controlled Unclassified Information (CUI) is understood to consist of under the CUI Program at 32 CFR pt. 2002, differentiating and safeguarding CUI, CUI Program Authority and Control, and CUI policy as promulgated under the U.S. Department of Defense CUI Program. (See 66 GC ¶

The U.S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) Program will become operational at some point in fiscal year 2025. In October, the DOD issued a Final Rule to address evolving cybersecurity requirements and cyber threats while defining the security controls that DOD intends defense contractors and subcontractors to implement. The program will require

Over the course of the past few years, gallons of ink have been spilled addressing the seemingly ever-pending US Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) Program. After keeping us waiting for years, it finally arrived when, on October 15, 2024, DoD published its Final Rule to establish the CMMC Program. See 89 Fed. Reg. 83092 (Oct. 15, 2024). Effective December 16, 2024, the Rule will require certain defense contractors to have implemented security measures to achieve a particular CMMC level necessary to safeguard Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) as a condition of contract award. Codified at 34 C.F.R. Part 170, the CMMC Program will be augmented by a separate proposed acquisition rule to add a new 48 C.F.R. Part 204, amending the Defense Federal Acquisition Regulation Supplement (DFARS) to address procurement considerations related to the CMMC Program, including allowing DoD to require a specific CMMC level in a solicitation or contract. See 89 Fed. Reg. 66327 (Aug. 15, 2024) or our analyses here and here. The date when that DFARS clause will become final is still unclear, but most suspect it will be soon.
Continue Reading: A Standard on Many Levels: A Look at CMMC 2.0 in Final