Defense Federal Acquisition Regulation Supplement
Technology and AI companies with Department of Defense contracts are navigating an accelerating series of DFARS rule changes that directly affect software supply chain security, AI system procurement, and data handling obligations. The Office of the Under Secretary of Defense for Acquisition and Sustainment, the Defense Contract Audit Agency, and the Defense Advanced Research Projects Agency each hold enforcement and contracting authority that touches how tech vendors price, disclose, and secure AI-enabled products sold to the federal government. Compliance teams are currently mapping DFARS 252.204-7012 cybersecurity clauses and the Cybersecurity Maturity Model Certification interim rule against their existing vendor and subcontractor agreements.
Watch
- DFARS 252.204-7012 flowdown requirements for AI-integrated subcontractors
- CMMC 2.0 final rule: Level 2 self-assessment deadlines for tech prime contractors
- Defense Contract Audit Agency scrutiny of IR&D cost claims tied to AI R&D
- Proposed DFARS rule on software bill of materials disclosure for DoD-facing SaaS products
- Foreign ownership, control, or influence reviews affecting AI firm DoD eligibility
Recent material activity in Technology, AI & Competition
-
NIST releases updated AI Risk Management Framework companion guide for critical infrastructure
NIST published AI RMF 1.1 companion guidance specifically addressing AI deployment in critical infrastructure sectors including energy, financial services, and healthcare. The guide introduces mandatory risk assessment c…
Read a full sample brief →