DoD

Subscribe to DoD via RSS

Following a tumultuous start to fiscal year 2026, including a government shutdown that lasted 43 days, the National Defense Authorization Act for fiscal year 2026 (NDAA 2026), Pub. L. 119-60, was passed by Congress and signed into law on December 18, 2025. NDAA 2026 is a critical legislative act, setting acquisition reforms and policies and authorizing appropriations and funding levels for the Department of Defense (DoD). With $900.6 billion in funding for the DoD, NDAA 2026 contains a plethora of acquisition reform provisions and critical updates impacting defense contractors. Title XVIII of NDAA 2026 significantly increased certain acquisition thresholds, including triggers for the Truthful Cost or Pricing Data Act (formerly the Truth in Negotiations Act) and Cost Accounting Standards application, which you can read about here. Additionally, NDAA 2026 increases the thresholds for noncompetitive acquisitions and when information technology requirements qualify as a major system.Continue Reading FY2026 NDAA: Major Increases to Critical Acquisition Thresholds

The FY2026 National Defense Authorization Act (NDAA) became law on December 18, 2025, enacting a tidal wave of the Trump administration’s priorities with respect to Department of Defense (DoD) procurement. One key priority reflected in the NDAA is reducing compliance burdens so that (i) established DoD contractors are incentivized to pursue awards and (ii) more companies opt in to being a DoD contractor to grow the industrial base. Importantly, Section 1804 and Section 1806 of the NDAA take action on this priority by raising the dollar thresholds for complex domains of government contracting: the Cost Accounting Standards (CAS) and submission of certified cost or pricing data. While these changes are welcome developments, companies should be cognizant that a steady stream of compliance requirements remains even with these increased thresholds.Continue Reading Swept Away: FY2026 NDAA Updates to CAS and Certified Cost or Pricing Data Thresholds

On December 18, 2025, the Fiscal Year 2026 National Defense Authorization Act (FY2026 NDAA) became law. True to each year’s NDAA being a sprawling piece of legislation, the FY2026 NDAA contains many priorities of the current Administration. Nestled among its myriad provisions, federal grant recipients should take note of Section 230, the “Prohibition on Modification of Indirect Cost Rates for Institutions of Higher Education and Nonprofit Organization.” This section provides a speed bump for rapid changes to indirect cost rates for Department of Defense grantees and reflects congressional sympathy to grantee concerns, particularly those of institutes of higher education (IHEs).Continue Reading College Prep: What Colleges with DoD Grants Should Do Now Under the FY2026 NDAA

Drumroll, please. On November 7, 2025, the Department of Defense (DoD) released three memoranda signaling changes to its approach to procurement and Foreign Military Sales/Direct Commercial Sales in the years to come: “Unifying the Department’s Arms Transfer and Security Cooperation Enterprise to Improve Efficiency and Enable Burden-Sharing”; “Reforming the Joint Requirements Process to Accelerate Fielding of Warfighting Capabilities”; and “Transforming the Defense Acquisition System into the Warfighting Acquisition System to Accelerate Fielding of Urgently Needed Capabilities to Our Warriors.” The latter memorandum appends the DoD’s Acquisition Transformation Strategy (the Strategy), which is aimed at dramatically reforming how the DoD’s acquisition system operates with an eye toward increasing the speed and flexibility of DoD procurements and the acquisition workforce. This document begins the march toward sunsetting the existing Defense Acquisition System in favor of what is envisioned to be a more rapid and effective system designed to provide the DoD with the capabilities it needs to meet its mission requirements.Continue Reading The Drumbeat of Progress: DOD’s Acquisition Transformation Strategy

The DoD has finally crossed the CMMC finish line, but for contractors, the race is just beginning. With the Final Rule effective Nov. 10, award eligibility will hinge on a “current” CMMC status in SPRS, backed by annual affirmations and strict compliance. The next two months are critical for getting race-ready. In this Featured Comment

The Department of Defense (DoD) is revving its engines again—this time to rocket past its own software acquisition drag. Launched via an April 24 memo from Acting DoD CIO Katie Arrington, the DoD’s Software Fast Track (SWFT) Initiative entered a 90‑day sprint to redefine Accelerating the Authority to Operate (ATOs), aiming to replace the outdated Risk Management Framework (RMF) with AI‑enabled, continuous compliance workflows. Officially live on June 1, 2025, SWFT isn’t a fully cleared runway—it’s a mission in motion, with Requests for Information (RFIs) out and industry poised to respond. But the real turbulence won’t be technical—it’ll be cultural: Can Pentagon policy and personnel move at Top Gun pace?Continue Reading The Need for Speed: DoD’s “Software Fast Track” Targets Bureaucracy at Mach 2

On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed that contractors must continue complying with Revision 2 thanks to a previously issued class deviation. What does this mean in plain terms? The DoD is slowly pulling back the curtain on the next major shift in cybersecurity compliance. Still, the full prestige hasn’t happened yet.Continue Reading The “Prestige”: DoD Unveils NIST SP 800-171 Revision 3, Organizationally Defined Parameters

In Part I of this series we introduced readers to what Controlled Unclassified Information (CUI) is understood to consist of under the CUI Program at 32 CFR pt. 2002, differentiating and safeguarding CUI, CUI Program Authority and Control, and CUI policy as promulgated under the U.S. Department of Defense CUI Program. (See 66 GC ¶

The U.S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) Program will become operational at some point in fiscal year 2025. In October, the DOD issued a Final Rule to address evolving cybersecurity requirements and cyber threats while defining the security controls that DOD intends defense contractors and subcontractors to implement. The program will require

Over the course of the past few years, gallons of ink have been spilled addressing the seemingly ever-pending US Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) Program. After keeping us waiting for years, it finally arrived when, on October 15, 2024, DoD published its Final Rule to establish the CMMC Program. See 89 Fed. Reg. 83092 (Oct. 15, 2024). Effective December 16, 2024, the Rule will require certain defense contractors to have implemented security measures to achieve a particular CMMC level necessary to safeguard Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) as a condition of contract award. Codified at 34 C.F.R. Part 170, the CMMC Program will be augmented by a separate proposed acquisition rule to add a new 48 C.F.R. Part 204, amending the Defense Federal Acquisition Regulation Supplement (DFARS) to address procurement considerations related to the CMMC Program, including allowing DoD to require a specific CMMC level in a solicitation or contract. See 89 Fed. Reg. 66327 (Aug. 15, 2024) or our analyses here and here. The date when that DFARS clause will become final is still unclear, but most suspect it will be soon.Continue Reading A Standard on Many Levels: A Look at CMMC 2.0 in Final