What we’re talking about
A Department of Defense (DoD) class deviation has postponed the CMMC compliance requirement originally set for October 1, 2025. This requirement, effective as of September 3, 2025, notifies contracting officers that they are not to use the DFARS 252.204-7021 contract clause in new solicitations and contracts. This class deviation will remain in effect until the
The AUKUS nuclear submarine program is under a Pentagon review to access if the agreement will leave the U.S. Navy with sufficient submarine fleet assets to address its national security requirements. There have been concerns that the current agreement would leave the United States with a shortage of Virginia class boats due to challenges in
In an attempt to level the playing field, the Bureau of Industry and Security (BIS) revokes Validated End-User (VEU) waivers that allowed foreign-owned semiconductor facilities in China to import U.S. technology without licenses. Companies such as Samsung and SK Hynix will now be required to obtain licenses for their operations. This move aims to level
Microsoft has been using Chinese engineers to assist with the maintenance of the Department of Defense’s (DoD) cloud systems, supervised by U.S. personnel known as “digital escorts.” This arrangement, which dates back decades, involved using U.S. citizen Microsoft employees with security clearances to oversee work being done on highly sensitive databases. In many cases these
Revisions to the International Traffic in Arms Regulations (ITAR) and the United States Munitions List (USML) have been released to streamline compliance and enhance national security while facilitating trade with United States allies. The Department of State Directorate of Defense Trade Controls (DDTC) has released these changes to clarify the ITAR and remove defense articles
The National Institute of Standards and Technology (NIST) is developing control overlays for securing Artificial Intelligence (AI) systems to help organizations manage cybersecurity risks associated with various AI use cases, including generative AI and predictive AI. These overlays are designed to help organizations manage cybersecurity risks associated with various AI applications. The NIST AI control
The Bureau of Industry and Security (BIS) has recently paused the processing of new export license applications, leading to significant delays. This pause, which affects applications submitted after February 5, 2025, has raised concerns about the impact on business. The pause is part of an internal review of licensing policies initiated by Undersecretary Jeffrey Kessler
C-suite cybersecurity responsibilities include promoting a security culture, aligning cyber and business strategies, and provision of resources. This requires involvement by all executives not the Chief Information Security Officer (CISO). The prevention of a cybersecurity incident should be a key element in business strategy because of loss of operations, financial loss, and damage to organizational
The US Senate has approved the Export Control Transparency Act in an effort to enhance oversight of the Bureau of Industry and Security (BIS) dual use export controls. This Act will require the BIS to submit quarterly reports to Congress detailing export licensing requests. This reporting would include aggregate statistics on all license applications and
The Bureau of Industry and Security (BIS) is considering a 50% rule to address loopholes that are being used by subsidiaries of parent organizations on the BIS entity list. The proposed regulation would be similar to current to regulations enacted by the Office of Foreign Asset Controls (OFAC). This action would impose licensing requirements across
Self disclosure and cooperation in the investigation of export regulation violations by an entity’s acquiror has led to a waiver of prosecution against the acquiring company (White Deer Management LLC). The Department of Justice’s National Security Division and the Southern District of Texas’s United States Attorney’s Office have also decided to decline prosecution of the
Sequencing MIL-STD-810 tests methods can be a challenge when developing an Environmental Test and Evaluation Master Plan (ETEMP). Determining a representative test sequence is essential for generating representative cumulative environmental stressors that will provide an accurate evaluative process. The standard provides, in most cases, vague and general guidance in Part 1 and in each of
The Bureau of Industry and Security (BIS) has issued new guidance for Advanced Computing ICs in an effort to prevent diversion of electronics that could be implemented in Weapons of Mass Destruction (WMD). The BIS also updated Supplement No. 3 to Part 732 “Know Your Customer” Guidance and Red Flags to provide a due diligence
DoD Acquisition nominee Michael Duffy plans to review Cybersecurity Maturity Model Certification (CMMC) implementation in an effort to balance a need for security and excessive regulation. Duffy also recognized the need for affordability for the Defense Industrial Base (DIB) to maintain cybersecurity best practices to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Duffy
Recent studies have shown that organizations are not ready for CMMC. The Aware but not Prepared report from Redspin states that only half of the Defense Industrial Base (DIB) are even moderately prepared for a Level 2 certification. Despite a five year roll out for the final rule from the Department of Defense (DoD) DIB
The International Trade Administration (ITA) has released the 2025 Defense Export Handbook to provide an overview of U.S. trade laws governing the export of defense products. This handbook also gives guidance to new-to-market exporters on evaluating international markets and includes contact information for export control, trade promotion, and licensing. The publication describes U.S. statutes that
