On October 16, 2025, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy presented their Defense Readiness Roadmap 2030 to the EU Member States. This comprehensive plan aims to strengthen European defense capabilities. It follows, and should be read together with, the Commission’s Defense Readiness Omnibus that was
On August 25, 2025, the Department of Defense (DoD) issued the Final Rule implementing Section 812 of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2024 (P.L. 118-31). The Final Rule will take effect on October 24, 2025 via a new solicitation provision, DFARS 252.209-7012 (Prohibition Relating to Conflicts of Interest in Consulting Services – Certification).
Continue Reading Final Rule Implements Restrictions on Simultaneous Consulting Work for DOD and Covered Foreign Entities
The Department of Defense (DoD) has released a memorandum establishing the DoD Organization-Defined Parameters (ODPs) for use in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision (Rev) 3. Currently, DoD’s cybersecurity regimes require government contractors to comply with NIST SP 800-171 Rev. 2. However, the release of this memorandum may indicate DoD’s intention to soon incorporate Rev. 3 into DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012) as well as the forthcoming Cybersecurity Maturity Model Certification (CMMC).
Continue Reading DoD Specifies Implementation Requirements for NIST 800-171 Cyber Standard
The Department of Defense (“DoD) recently took important actions to expand and deepen its relationships with companies bringing critical energy production and storage technologies to the DoD marketplace. As one of the largest consumers of energy in the world, DoD has the scale and resources to catalyze new industries, and mission assurance increasingly requires a diverse generation mix and incorporation of advanced technologies.
To achieve those goals, DoD is creating two new programs:
On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012), specifying that contractors subject to the clause must comply with NIST SP 800-171, Revision 2. The deviation (labeled Deviation 2024-O0013) will delay the incorporation of NIST
On January 31, 2024, the Department of Defense (DoD) updated the 1260H List of entities identified as “Chinese military companies” operating in the United States, as it is required to do at least annually by Section 1260H of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2021. Section 1260H defines a “Chinese military company” as an entity that is:
Continue Reading DoD is Making its List, and Checking it Twice: DoD Updates 1260H Chinese Military Companies List
Front of mind for many federal contractors is the proposed FAR rule that would make federal contract awards contingent upon meeting mandatory greenhouse gas (GHG) emissions requirements. But a provision in the recently enacted National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2024 scales back the reach of that potential rule on Department of Defense (DoD) contracts.
Continue Reading FY 2024 NDAA Pumps the Brakes on Mandatory GHG Emissions Disclosure Requirements for DoD Contracts
On January 11, 2024, the Department of Defense (DoD) announced its first-ever National Defense Industrial Strategy (NDIS) focused on building a modernized industrial ecosystem that provides a sustained competitive advantage to the US over its adversaries. Specifically, the NDIS provides a strategic framework to guide the DoD’s engagement, policy development, and investment in the industrial base over the next three to five years. As part of this investment strategy, the NDIS highlights several investment tools and opportunities that DoD is already using to spur growth and innovation in key industries.
Continue Reading DoD Announces First Ever Strategy for a Modernized Defense Industrial Ecosystem
The Department of Defense (DoD) recently published a memorandum clarifying what it means for a cloud service provider (CSP) to be Federal Risk and Authorization Management Program (FedRAMP) Moderate baseline “equivalent” and meet incident reporting requirements under Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012). The memorandum states, in order to be considered FedRAMP equivalent going forward, CSPs must (1) be FedRAMP Moderate/High-Authorized, or (2) secure a third-party assessment confirming their compliance with all FedRAMP Moderate baseline security controls.
Continue Reading No Longer Cloudy: DoD Issues New Guidance on FedRAMP Moderate Equivalency Cloud Security Requirements
On June 29, 2023, the Government Accountability Office (GAO) released its second report[1] on Department of Defense (DoD) artificial intelligence (AI) acquisition efforts. This latest report examines the DoD’s lack of formal AI acquisition guidance and identifies key principles from the private sector that can be applied to the DoD’s AI acquisition efforts.
Although