Federal Regulatory

Department of the Interior Rescinds ESA Harm Definition

โœ… Regulatory Compliance ๐ŸŒณ Environment

The Department of the Interior and Department of Commerce finalized a rule rescinding the regulatory definition of "harm" under the Endangered Species Act (ESA), aligning enforcement with the statute's original intent and Supreme Court guidance. This regulatory change reduces permitting requirements and regulatory burdens for landowners, businesses, and local governments while maintaining protections against direct injury or killing of listed species. Procurement professionals and contractors involved in environmental compliance, land management, and conservation-related services should note this shift as it may alter the scope and nature of ESA-related permitting and compliance obligations.

  • This rule change signals a reduction in regulatory complexity and potential delays related to ESA permitting processes, impacting project timelines and compliance strategies.
  • Agencies and contractors should reassess environmental risk management and permitting workflows to align with the updated enforcement standards.
  • Businesses engaged in land use and development may experience fewer restrictions, potentially increasing opportunities for projects previously constrained by broader "harm" definitions.
  • Environmental service providers should evaluate how this change affects demand for consulting, mitigation, and compliance services under the ESA framework.

Weโ€™re returning the ESA to its foundational purpose to ensure legitimate conservation goals are met without sacrificing economic growth and American prosperity.

— Howard Lutnick, Secretary of Commerce

For years, federal agencies abused the ESA to obstruct lawful land use and burden American families and businesses.

— Doug Burgum, Secretary of the Interior

Agencies

Department of the Interior, Department of Commerce, U.S. Fish and Wildlife Service

Locations

Sources

Department of War Suspends CMMC Phase II Requirements

Federal News

Department of War Suspends CMMC Phase II Requirements

๐Ÿ”’ Cybersecurity โœ… Regulatory Compliance ๐Ÿ›ก๏ธ Defense & Military ๐Ÿ’ป Information Technology

The Department of War has suspended the Cybersecurity Maturity Model Certification (CMMC) Phase II requirements originally scheduled for November 10, 2026, initiating a 60-day comprehensive review to reform the program. During this suspension, Phase I self-assessments and enforcement of NIST SP 800-171 Rev 2 standards remain mandatory, while third-party certification requirements are paused. This decision aims to reduce compliance burdens on small and medium businesses within the Defense Industrial Base (DIB), align cybersecurity efforts with acquisition transformation goals, and maintain security standards without imposing excessive costs or administrative overhead.

  • Why this matters: Procurement professionals and contractors must continue adhering to NIST SP 800-171 Rev 2 and DFARS 252.204-7012 requirements despite the suspension of CMMC Phase II third-party assessments.
  • Small and medium-sized defense contractors may experience reduced immediate certification costs but should be aware of increased False Claims Act exposure due to reliance on self-assessments.
  • Organizations should prepare for potential program reforms following the 60-day review, which may introduce scalable cybersecurity requirements better aligned with acquisition transformation initiatives.
  • Contractors and compliance service providers should evaluate current cybersecurity postures and documentation rigorously to mitigate risks during this interim period of regulatory uncertainty.

Sources

Federal News

Defense Contractors Report Q1 2026 Earnings

๐Ÿ“‹ Contracting Vehicles ๐Ÿ›ก๏ธ Defense & Military

Defense contractors Huntington Ingalls Industries, Mercury Systems, General Dynamics, and Lockheed Martin reported their Q1 2026 financial results, reflecting varied performance amid sustained government defense spending. Huntington Ingalls led with a $3.10 billion revenue beat driven by enhanced shipbuilding throughput and operational improvements, while Mercury Systems and General Dynamics also posted solid revenue growth and earnings beats. Lockheed Martin experienced flat revenue and slight guidance misses. These results underscore ongoing demand for defense capabilities influenced by geopolitical tensions and government budget priorities, highlighting opportunities for contractors with technical expertise and security clearances.

  • Why this matters: Strong earnings from key defense contractors indicate continued government investment in shipbuilding, systems integration, and advanced defense technologies.
  • Procurement professionals should anticipate sustained contract opportunities favoring companies with proven operational efficiency and compliance with security requirements.
  • Contractors can leverage these market signals to align business development strategies with government priorities emphasizing throughput and technical innovation.
  • Organizations should consider the competitive landscape shaped by these financial performances when planning bids and partnerships in defense procurement.

Sources

Federal News

enQase Achieves NIST FIPS 140-3 Validation

๐Ÿ”’ Cybersecurity ๐Ÿ’ป Information Technology

enQase has received the FIPS 140-3 Certificate #5346 from the National Institute of Standards & Technology's Cryptographic Module Validation Program, validating its cryptographic security module for use in government and enterprise networks, servers, IoT, and other applications. This certification confirms enQase's compliance with federal cryptographic standards and positions the company as a provider of quantum-safe security solutions critical for agencies preparing for emerging post-quantum cybersecurity requirements.

  • Why this matters: Federal agencies and contractors requiring validated cryptographic modules can now consider enQase's FIPS 140-3 certified solutions to meet compliance mandates and enhance long-term security posture.
  • This validation supports procurement of quantum-resistant cryptographic technologies aligned with evolving federal cybersecurity frameworks.
  • Organizations involved in network security, IoT deployments, and enterprise infrastructure should evaluate enQase's offerings for integration into secure government systems.
  • Procurement professionals should note the growing emphasis on post-quantum security readiness reflected in federal validation programs, influencing future contract requirements.

Sources

Federal News

UWM Advances Toward DoD Cybersecurity Certification

๐Ÿ”’ Cybersecurity ๐Ÿ›ก๏ธ Defense & Military ๐Ÿ’ป Information Technology

The University of Wisconsin-Milwaukee (UWM) has achieved Level 1 Cybersecurity Maturity Model Certification (CMMC) and is actively progressing toward Level 2 certification by November 2026. This advancement enables UWM to qualify for more advanced Department of Defense (DoD) research projects and federal funding opportunities, fostering stronger collaborations with defense-related industries in southeastern Wisconsin. This development supports regional economic growth and innovation by expanding access to DoD contracts and research partnerships.

  • Why this matters: UWM's progress toward Level 2 CMMC certification opens new avenues for federal research funding and DoD contract eligibility, increasing opportunities for academic and industry partnerships.
  • Defense contractors and suppliers in Wisconsin should consider engaging with UWM to leverage emerging research collaborations enabled by enhanced cybersecurity compliance.
  • Procurement professionals should note the growing importance of CMMC certification for research institutions seeking DoD contracts, highlighting cybersecurity as a critical compliance factor.
  • Organizations aiming to participate in DoD research projects can benefit from aligning with certified academic partners like UWM to meet evolving cybersecurity requirements.

Sources

Federal News

GSA Awards Cherokee Federal Modernization BPA

โ˜๏ธ Cloud Services ๐Ÿ’ป Information Technology

The U.S. General Services Administration (GSA) Office of Centralized Acquisition Services (OCAS) has awarded Cherokee Federal the sole Blanket Purchase Agreement (BPA) for Modernization Support Services (MSS) Enterprise Support as of July 14, 2026. This contract enables Cherokee Federal to provide technology and consulting services aimed at advancing GSA's enterprise modernization initiatives, which focus on enhancing operational efficiency and mission performance across federal agencies.

  • Why this matters: Procurement professionals should note Cherokee Federal's exclusive role in supporting GSA's modernization efforts, signaling opportunities for subcontracting and partnership within federal technology modernization projects.
  • The BPA emphasizes secure, scalable solutions aligned with mission outcomes, highlighting federal priorities in technology modernization.
  • Contractors specializing in IT consulting and modernization services may find increased demand through this vehicle.
  • Organizations should consider how this BPA aligns with broader federal modernization strategies and plan accordingly for engagement opportunities.

Sources

Federal News

GAO Updates Federal IT Security Audit Manual

๐Ÿ”’ Cybersecurity ๐Ÿ’ป Information Technology

The Government Accountability Office (GAO) released the updated Federal Information System Controls Audit Manual (FISCAM) on June 29, 2026. This comprehensive 493-page manual provides the latest auditing standards and security frameworks for federal auditors and Inspectors General to assess IT security and financial controls consistently across federal agencies under the Government Auditing Standards (Yellow Book). The update reflects evolving cybersecurity requirements and aims to enhance the rigor and uniformity of federal IT audits.

  • Federal procurement and compliance teams should align their IT security controls and audit readiness with the updated FISCAM requirements to ensure successful audit outcomes.
  • Agencies including DoD and HHS will apply these updated standards, potentially impacting contract oversight and vendor compliance expectations.
  • Contractors providing IT security services or solutions to federal agencies may need to adjust their offerings to meet the revised audit criteria.
  • Procurement professionals should incorporate the updated manual's guidance into contract language and evaluation criteria to support consistent auditability and risk management.

Sources

Vanta Achieves FedRAMP 20x Certification

Federal News

Vanta Achieves FedRAMP 20x Certification

๐Ÿ”’ Cybersecurity ๐Ÿ’ป Information Technology

Vanta has secured FedRAMP 20x Class C certification for its AI-powered Government Cloud platform, enabling federal agencies to enhance cybersecurity operations and automate compliance workflows. This certification expands Vanta's accessibility across federal, state, local, and education sectors through Carahsoft's distribution and multiple government contract vehicles, including SEWP V and NASPO ValuePoint agreements. Procurement professionals should note that Vanta's platform supports continuous compliance aligned with FedRAMP, NIST 800-53, CMMC, and SOC 2 frameworks, facilitating IT modernization and risk management initiatives.

  • Vanta's solutions are available via Carahsoft's reseller partners through key government contracts such as SEWP V (NNG15SC03B, NNG15SC27B) and NASPO ValuePoint (AR2472), streamlining acquisition for agencies.
  • The certification signals growing federal demand for AI-driven governance, risk, and compliance (GRC) platforms that support continuous monitoring and security automation.
  • Agencies and contractors should evaluate Vanta's platform for integration into cybersecurity modernization efforts, especially those requiring FedRAMP-authorized cloud services.
  • Industry stakeholders can leverage this development to expand offerings in federal IT modernization, compliance automation, and cybersecurity risk visibility.

Sources

Federal News

DoD Suspends CMMC Phase 2 Requirements

๐Ÿ”’ Cybersecurity ๐Ÿ›ก๏ธ Defense & Military

The Department of Defense has suspended the implementation of Cybersecurity Maturity Model Certification (CMMC) Phase 2 requirements, which were originally set to take effect on November 10, 2026. This suspension aims to prevent disruption within the defense industrial base and reduce compliance burdens, particularly for small business contractors. During this pause, cybersecurity compliance will continue under the existing NIST SP 800-171 Revision 2 standards. A CMMC Reform Task Force has been established to review the program and deliver recommendations within 60 days, signaling potential future changes to cybersecurity requirements for defense contractors.

  • Why this matters: Contractors currently preparing for CMMC Phase 2 certification can continue to rely on NIST SP 800-171 Rev 2 compliance, avoiding immediate certification costs and operational impacts.
  • The suspension provides procurement professionals and contractors additional time to adjust to evolving cybersecurity mandates and align with forthcoming guidance from the DoD.
  • Small businesses in the defense supply chain may experience reduced compliance pressure in the near term, potentially affecting subcontracting and bidding strategies.
  • Organizations should monitor the CMMC Reform Task Force's recommendations closely, as they will influence future cybersecurity requirements and contract eligibility within the DoD acquisition environment.

Sources

Federal News

DoD Pauses CMMC Phase 2 Requirements

๐Ÿ”’ Cybersecurity ๐Ÿ›ก๏ธ Defense & Military

The Department of Defense (DoD) has suspended the Phase 2 requirements of its Cybersecurity Maturity Model Certification (CMMC) program and initiated a 60-day review to address concerns about the compliance burden on small and medium defense contractors. Despite the pause, the DoD continues to require cybersecurity compliance through self-assessments and government-led evaluations, emphasizing that the underlying cybersecurity requirements remain unchanged. This action reflects the DoD's effort to balance robust cybersecurity standards with reducing administrative overhead for contractors.

  • Why this matters: Procurement professionals should note that while formal CMMC Phase 2 certification timelines are delayed, cybersecurity compliance remains mandatory through alternative assessment methods.
  • Small and medium-sized defense contractors may experience temporary relief from certification pressures but must maintain cybersecurity practices to meet DoD expectations.
  • Contracting officers and acquisition teams should adjust procurement planning and contract language to reflect the current pause and ongoing compliance mechanisms.
  • Industry stakeholders can leverage this period to prepare for potential revisions to CMMC requirements and align cybersecurity strategies accordingly.

Sources

State & Local News

Port of Los Angeles Launches Zero-Emission Truck Incentive

๐Ÿ›๏ธ Physical Infrastructure ๐Ÿ’ฐ Grants & Funding ๐Ÿšš Transportation โšก Energy & Utilities

The Port of Los Angeles has launched a $75 million Zero-Emission Truck Purchasing Incentive Project to accelerate the adoption of battery-electric Class 8 drayage trucks among Licensed Motor Carriers operating at the port. Funded by a $50 million U.S. EPA Clean Ports Program grant and $25 million from the Port's Clean Truck Fund Rate, this initiative aims to achieve zero-emission terminal operations by 2026. Proposals for this program are due by December 3, 2026, offering a significant procurement opportunity for vendors and contractors specializing in clean transportation technologies.

  • The project provides up to $300,000 per truck with a maximum of $24 million per Licensed Motor Carrier, incentivizing the purchase of at least 10 battery-electric Class 8 trucks.
  • This funding supports the Port's environmental goals and aligns with federal clean air initiatives, highlighting growing demand for zero-emission vehicle solutions in maritime logistics.
  • Procurement professionals should prepare proposals that meet the technical and operational requirements to capitalize on this funding window.
  • Vendors specializing in electric heavy-duty trucks and related infrastructure can expect increased opportunities in the Southern California port logistics market.

Sources