US-CONGRESS BILLS-119s4784rs: National Defense Authorization Act for Fiscal Year 2027
The National Defense Authorization Act for Fiscal Year 2027 introduces new cybersecurity requirements and changes to small business set-asides, impacting defense contractors and federal grant recipients.
Aforeworn detected this change in the Government Contracting (SAM/FAR) space on July 16, 2026 and published this briefing so affected operators are forewarned rather than caught off guard. It is rated High urgency. Small business set-asides, defense contractors, GSA schedule holders, federal grant recipients should confirm how it applies to their specific situation before acting. There is a time constraint attached: Effective October 1, 2027; compliance required by contract award date. Acting after that point can mean penalties, a lapsed licence, or lost eligibility — exactly the kind of surprise Aforeworn exists to prevent. Aforeworn monitors Government Contracting (SAM/FAR) continuously and turns every detected change into a plain-English briefing like this one, so you always know first. Forewarned is forearmed.
What changed
New cybersecurity clauses (CMMC 2.0) and updated FAR/DFARS provisions for small business set-asides
Who it affects
Small business set-asides, defense contractors, GSA schedule holders, federal grant recipients
What you must do
Review and update cybersecurity posture to meet CMMC Level 2 requirements; adjust set-aside eligibility documentation
Deadline
Effective October 1, 2027; compliance required by contract award date
Source: https://www.govinfo.gov/app/details/BILLS-119s4784rs
Never miss a change like this again
Aforeworn watches Government Contracting (SAM/FAR) around the clock and alerts you the moment a rule moves — with a plain-English brief on what to do.
Start your free trialRelated changes in Government Contracting (SAM/FAR)
- Proposed RFO Rule Would Create Procurement Integrity-Specific Process for Protecting or Releasing Contractors’ Proprietary Information - The National Law Review
- Revolutionary FAR Overhaul: FAR Council Proposes Streamlined Public Notice Requirements Under FAR Part 5 - The National Law Review
- US-CONGRESS HR4123: FIT Procurement Act
- Years in the Making, Suspended in a Day: DoD/W Halts CMMC Phase II but Keeps Baseline Cybersecurity Obligations - regulatoryoversight.com
- Department of War Suspends CMMC Phase II Requirements, but Cybersecurity Obligations Remain - Morgan Lewis