Cybersecurity, Emerging Technologies & Government Contracts Compliance

A new proposed Defense Federal Acquisition Regulation Supplement (DFARS) FARS Rule, DFARS Case 2021-D011 would: Significantly expand the scope of foreign ownership, control or influence (FOCI) reviews that would have profound implications for any contractor doing business (or seeking to do business) with the Department of Defense (DoD) under a contract greater than $5 million, including, potentially, commercial contractors; and Fundamentally change the role of the Defense Counterintelligence and Security Agency (DCSA) in connection with FOCI reviews by giving DCSA a central,

On Dec. 18, 2025, the Department of Defense (DoD) issued deviations to over half of the Defense Federal Acquisition Regulation Supplement (DFARS) Parts, all of which became effective Feb. 1, 2026. Two days later, DoD issued a deviation for DFARS Part 204, which became effective Feb. 17. These deviations reorganize and streamline some of the DFARS regulations and contract clauses that define contractors’ cybersecurity requirements. Technically, they are “temporary” exceptions to the DFARS that were issued on an emergency basis in

W.C. Fields once said that there comes a time in everyone’s life when they “must take the bull by the tail and face the situation.” For contractors in the Defense Industrial Base (DIB), that time has apparently come when, at long last, the Cybersecurity Maturity Model Certification (CMMC) Program began its phased rollout Nov. 10. As previously discussed, Phase 1 sees the incorporation of the new DFARS CMMC clause into all solicitations involving the handling of Federally Controlled Information (FCI) or

The Federal Acquisition Regulatory Council (FAR Council) recently released the rewrite of FAR Part 19, a notoriously complex set of regulations that covers the policies, procedures and programs designed to maximize small business participation in federal contracting. This rewrite is intended to enhance the intuitiveness and ease of applying regulations to small businesses in the federal procurement process. The FAR Council also issued a Practitioner Album, which summarizes proposed changes to the regulations and provides helpful guidance and resources for

On September 10, 2025, the Department of Defense (DoD) issued a Final Rule officially incorporating the Cybersecurity Maturity Model Certification (CMMC) Program into the Defense Federal Acquisition Regulation Supplement (DFARS). The Final Rule establishes the processes for integrating the CMMC requirements into DoD Contracts and Subcontracts and creates two new contract clauses that make CMMC compliance a condition for award. The Final Rule is effective November 10, 2025, which gives entities a brief window of time to familiarize themselves with

The Department of Defense (DoD) published a Final Rule earlier this month formally implementing the Cybersecurity Maturity Model Certification (CMMC) Program. This Final Rule is the culmination of five years of work to standardize the safeguards that government contractors must implement to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) while also bolstering compliance with these requirements. (For more background on the road to the Final Rule, please read our earlier blog posts on what we’ve called “CMMC Program