Federal News

CDC Nominates Schwartz Amid Agency Challenges

βœ… Regulatory Compliance πŸ₯ Healthcare

Dr. Erica Schwartz has been nominated to lead the Centers for Disease Control and Prevention (CDC) during a period marked by agency turmoil and political pressures, particularly surrounding vaccine policies under Health Secretary Robert F. Kennedy Jr. Her confirmation hearing highlighted concerns about political interference and the CDC's evolving mission scope, which may impact ongoing and future public health contracts and programs. Procurement professionals and contractors engaged with CDC initiatives should anticipate potential shifts in agency priorities and leadership approaches that could influence contract requirements and program funding.

  • The CDC's leadership transition signals possible changes in public health program direction, affecting vaccine development and health services contracts.
  • Political scrutiny and agency mission reassessment may lead to revised procurement strategies or altered contract scopes.
  • Contractors should evaluate how evolving CDC policies under new leadership might impact compliance, deliverables, and partnership opportunities.
  • Engagement with CDC-related health programs in Atlanta, Georgia, and related federal agencies like HHS and NIH remains critical for market positioning.

I think over time, the CDC has had some mission creep, and it’s trying to be all things to all people

— Dr. Erica Schwartz, CDC Director Nominee

Agencies

Centers for Disease Control and Prevention, Department of Health and Human Services, National Institutes of Health, United States Senate, Cleveland's Health Department

Vendors

UnitedHealth Group, Butterfly Network Inc., Aveanna Healthcare, Searching for Solutions Institute

Locations

Sources

Federal Event

CBP Seeks 8(a) Contractors for Border Infrastructure Maintenance

πŸ›οΈ Physical Infrastructure πŸ—οΈ Construction & Infrastructure

U.S. Customs and Border Protection (CBP) is conducting a mandatory site visit on July 29, 2026, in Ocotillo, California, for 8(a) certified contractors interested in a competitive set-aside solicitation. The contract covers maintenance, repair, and improvement of tactical infrastructure assets including roads, fences, and lighting within the Yuma and El Centro Border Patrol Sectors along the U.S./Mexico border. This single contract opportunity consolidates multiple infrastructure maintenance needs, emphasizing the importance of attending the site visit to gather critical information for proposal preparation.

  • The solicitation is a competitive 8(a) set-aside, targeting small disadvantaged businesses qualified under the SBA 8(a) program.
  • Contractors must attend the mandatory site visit on July 29, 2026, in Ocotillo, California, to be eligible to submit proposals.
  • The contract involves specialized construction and maintenance services under NAICS codes 237990, 238910, and 238990, relevant to heavy civil engineering and specialty trade contractors.
  • Procurement professionals and contractors should coordinate with CBP contacts Muhanad D. Sasa and Donna R. McMullen for site visit registration and technical inquiries.
  • This opportunity highlights CBP's ongoing investment in border infrastructure readiness and maintenance, signaling continued demand for infrastructure services in border security contexts.

Sources

Federal Event

Navy and MARAD Host Auxiliary Ships Industry Day in DC

πŸ›οΈ Physical Infrastructure πŸ›‘οΈ Defense & Military 🚚 Transportation

The Department of the Navy's Portfolio Acquisition Executive Maritime and the Department of Transportation Maritime Administration (MARAD) are jointly hosting an Auxiliary Ships Industry Day on August 5-6, 2026, near the Washington Navy Yard, District of Columbia. This event targets vessel construction managers, shipyards, and key suppliers to gather market research and feedback on three significant ship acquisition programs: the Bulk Fuel Consolidated Cargo Tanker, the Next Generation Hospital Ship (T-AH(X)), and the Roll-on/Roll-off (RO/RO) Vessel Program. Registration is required by July 29, 2026, but attendance is limited and not guaranteed.

  • Why this matters: Procurement professionals and contractors should prepare to engage with Navy and MARAD acquisition teams to influence requirements and positioning for upcoming contracts in auxiliary shipbuilding.
  • The event provides early insight into program priorities and acquisition strategies for major maritime vessel programs managed by PAE Maritime and MARAD.
  • Companies specializing in ship construction, maritime logistics, and vessel systems can leverage this opportunity to align capabilities with government needs and establish relationships with key stakeholders.
  • Timely registration by July 29, 2026, is critical for participation and to gain competitive intelligence ahead of formal solicitations.

Sources

Federal News

DoD Suspends CMMC Phase II Implementation

πŸ”’ Cybersecurity πŸ›‘οΈ Defense & Military

The Department of Defense (DoD) has officially suspended the implementation of Cybersecurity Maturity Model Certification (CMMC) Phase II, which included mandatory third-party assessments for CMMC Level 2, originally scheduled to begin November 10, 2026. This pause reflects concerns about cost and access barriers, especially for small and non-traditional defense contractors. Despite the suspension of third-party certification requirements, contractors must continue to comply with existing cybersecurity mandates, including self-assessments aligned with NIST SP 800-171 Revision 2 controls and Defense Federal Acquisition Regulation Supplement (DFARS) safeguarding clauses. The DoD has established a CMMC Reform Task Force tasked with reviewing the program and recommending changes within 60 days. Stakeholders are invited to provide feedback by August 14, 2026, through a Request for Information (RFI).

  • Why this matters: Procurement professionals and contractors should recognize that while third-party CMMC assessments are paused, cybersecurity compliance obligations remain mandatory and enforceable.
  • Organizations should leverage this pause to strengthen internal cybersecurity practices and prepare for potential program revisions.
  • Small and non-traditional businesses may find opportunities to influence program reforms through the August 14 stakeholder feedback deadline.
  • Cybersecurity service providers can anticipate evolving market demand as the DoD revises CMMC requirements and enforcement mechanisms.

Sources

DoD Pauses CMMC Phase II Implementation

Federal News

DoD Pauses CMMC Phase II Implementation

πŸ”’ Cybersecurity βœ… Regulatory Compliance πŸ›‘οΈ Defense & Military πŸ’» Information Technology

The U.S. Department of Defense has officially paused the rollout of Phase II of the Cybersecurity Maturity Model Certification (CMMC) 2.0 program, which was scheduled to begin November 10, 2026. This pause suspends the requirement for third-party cybersecurity assessments for defense contractors, particularly impacting over 120,000 small and midsized businesses and tribal enterprises in the defense supply chain. During a 60-day review period, a CMMC Reform Task Force will collect industry feedback and propose adjustments to better align cybersecurity mandates with troop readiness priorities, reduce administrative burdens, and enhance opportunities for smaller contractors. Meanwhile, Phase I self-assessment requirements remain in effect, and all pending CMMC milestones are suspended. Industry experts anticipate that some form of third-party or government-led cybersecurity validation will eventually return, especially for higher-risk contracts, but with a focus on reducing complexity and cost.

  • Why this matters: Procurement professionals should note the suspension of mandatory third-party audits, which affects contract eligibility and compliance timelines for many defense contractors.
  • Organizations currently preparing for Phase II certification can adjust their strategies to focus on maintaining Phase I self-assessments while awaiting revised requirements.
  • Small and midsized contractors may find new opportunities as the DoD seeks to reduce bureaucratic hurdles and better support these businesses in cybersecurity compliance.
  • Cybersecurity service providers and assessors should anticipate changes in certification processes and prepare to support contractors through the upcoming reform and potential reinstatement of validation mechanisms.

Sources

Federal Event

NAVAIR Hosts UAS Training Industry Day

πŸ“‹ Contracting Vehicles πŸ›‘οΈ Defense & Military

The Naval Air Systems Command (NAVAIR) is conducting a virtual Industry Day on September 3, 2026, focused on Group 1 and Group 2 Unmanned Aircraft System (UAS) training, mission planning, simulation, and qualification management systems. This event is designed to gather market intelligence on commercially available and emerging solutions to support future acquisition strategies that comply with the National Defense Authorization Act (NDAA) and ensure system interoperability. Procurement professionals and contractors specializing in UAS technologies and training systems should consider this opportunity to engage with NAVAIR and influence upcoming requirements.

  • The Industry Day targets advanced UAS training and mission support systems for smaller UAS groups, emphasizing simulation and qualification management.
  • NAVAIR seeks industry input to shape acquisition approaches aligned with NDAA mandates and interoperability standards.
  • Contracting Officers Diana K. Harritt and John M. Barr are key contacts for engagement and inquiries.
  • Companies offering innovative UAS training and simulation solutions can leverage this event to position themselves for future solicitations and contracts.

Sources

Federal News

DigiFlight Enhances Cybersecurity Compliance Support

πŸ”’ Cybersecurity πŸ›‘οΈ Defense & Military πŸ’» Information Technology

DigiFlight Inc. has appointed Jermaine Stanley as Director of Cybersecurity Compliance to strengthen its ability to assist defense contractors in meeting evolving Department of Defense cybersecurity mandates, including the Cybersecurity Maturity Model Certification (CMMC). This strategic leadership addition positions DigiFlight to better support federal suppliers in accelerating compliance readiness, which is critical for maintaining eligibility for DoD contracts amid increasing cybersecurity requirements and threats.

  • Why this matters: Defense contractors must meet stringent DoD cybersecurity standards such as CMMC to qualify for current and future contracts.
  • DigiFlight's enhanced compliance capabilities indicate growing market demand for specialized cybersecurity support services within the defense supply chain.
  • Procurement professionals should consider DigiFlight and similar vendors as key partners for compliance assistance and risk mitigation.
  • Contractors can leverage these services to streamline certification processes and maintain contract eligibility in a tightening regulatory environment.

Sources

Federal News

DoW Suspends CMMC Phase II Requirements

πŸ”’ Cybersecurity πŸ›‘οΈ Defense & Military

The U.S. Department of War (DoW) has suspended the implementation of Cybersecurity Maturity Model Certification (CMMC) Phase II requirements that were originally scheduled to take effect in November 2026. This decision follows concerns raised by small business defense contractors regarding the high costs and regulatory burdens associated with CMMC Phase II compliance. The suspension initiates a comprehensive review aimed at recalibrating the program to better balance stringent cybersecurity standards with manageable compliance processes, thereby protecting and potentially increasing small business participation in the defense industrial base.

  • The suspension directly impacts small business contractors by alleviating immediate compliance costs and regulatory pressures tied to CMMC Phase II.
  • Procurement professionals should anticipate revised cybersecurity requirements that may emerge from the ongoing review, affecting future contract eligibility and compliance strategies.
  • Industry stakeholders can leverage this development to engage with DoW and SBA on shaping more accessible cybersecurity standards that support small business inclusion.
  • Organizations currently preparing for CMMC Phase II compliance should reassess timelines and resource allocations in light of the suspension and forthcoming program adjustments.

Sources

DoD Suspends CMMC Phase II Implementation

Federal News

DoD Suspends CMMC Phase II Implementation

πŸ”’ Cybersecurity πŸ›‘οΈ Defense & Military

The U.S. Department of Defense has suspended the implementation of Cybersecurity Maturity Model Certification (CMMC) Phase II requirements, originally scheduled for November 10, 2026, to address concerns about high compliance costs and regulatory burdens impacting small and non-traditional defense contractors. This suspension initiates a 60-day review aimed at reforming the program to simplify cybersecurity compliance by emphasizing self-assessments aligned with NIST standards rather than mandatory third-party audits. The pause supports the Department's Acquisition Transformation System by reducing barriers for small businesses critical to the Defense Industrial Base, ensuring continued participation while maintaining robust cybersecurity protections.

  • Why this matters: Small and mid-sized defense contractors can expect reduced compliance complexity and costs, potentially increasing their eligibility for DoD contracts.
  • The shift from third-party audits to self-assessments signals a more scalable and accessible cybersecurity framework.
  • Procurement professionals should anticipate revised cybersecurity requirements and adjust contract evaluations accordingly.
  • Industry stakeholders should engage with forthcoming guidance to align cybersecurity practices with the updated CMMC framework.

Sources

Federal News

DoD Enforces CMMC 2.0 Cybersecurity Compliance

πŸ”’ Cybersecurity πŸ›‘οΈ Defense & Military

The Department of Defense has mandated compliance with the Cybersecurity Maturity Model Certification (CMMC) 2.0 framework for all defense contractors, with a firm deadline of November 10, 2025. This requirement applies especially to small and mid-size contractors who must determine their certification level based on the type of information they handle, such as Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). Compliance involves phased enforcement including self-assessments and third-party certifications, overseen by the CMMC Accreditation Body and supported by the Defense Contract Management Agency. Early preparation is essential due to expected assessment backlogs and the significant costs associated with certification, which directly impact eligibility for DoD contracts moving forward.

  • Why this matters: Defense contractors must achieve and maintain the appropriate CMMC 2.0 certification to remain eligible for DoD contracts, making cybersecurity compliance a critical procurement prerequisite.
  • Small and mid-size businesses should assess their current cybersecurity posture and plan for certification processes to avoid contract ineligibility.
  • Procurement professionals should incorporate CMMC 2.0 requirements into contract solicitations and vendor evaluations to ensure compliance.
  • Organizations can expect increased demand for cybersecurity consulting and certification services as contractors seek to meet these mandatory standards.

Sources

Federal Analysis

Government Agencies Standardize Application Logging

πŸ”’ Cybersecurity πŸ’» Information Technology

Government agencies and regulatory bodies are emphasizing the establishment of standardized enterprise application logging frameworks to enhance security detection, regulatory compliance, and incident investigation capabilities. This initiative aligns with guidelines from NIST, NYDFS, and FFIEC, reflecting a shift toward making structured, tamper-resistant logging a core security requirement rather than a technical afterthought. Contractors and IT security providers supporting government clients should prioritize solutions that enable consistent metadata capture and outcome-focused logging across hybrid and cloud environments to meet these evolving mandates.

  • Why this matters: Agencies require logging solutions compliant with NIST, NYDFS, and FFIEC standards to support security operations and regulatory audits.
  • Procurement professionals should seek vendors offering tamper-resistant, standardized logging frameworks adaptable to complex government IT infrastructures.
  • Contractors can leverage this trend by developing or integrating logging tools that facilitate incident investigation and continuous security monitoring.
  • Organizations should evaluate current logging practices against these frameworks to ensure readiness for compliance and operational effectiveness.

Sources