Blog

Practical insights on AI governance, NIST 800-171 compliance, and building defensible evidence for defense contractors — through the CMMC suspension and whatever comes after it.

Compliance|

CMMC Phase II Suspended: What Changed on July 13 — and What Didn't

DoD suspended CMMC Phase II third-party assessments on July 13, 2026. Here's exactly what was suspended, what remains in force, and what defense contractors should do now.

CMMCCMMC SuspensionNIST 800-171
Compliance|

The Diligence Artifact Just Got Cancelled. The Liability Didn't.

CMMC certification was going to be a standardized diligence artifact for every defense portfolio company. The July 13 suspension cancelled the artifact and kept the liability — here's what that means for PE operating partners.

Private EquityCMMC SuspensionDue Diligence
AI Governance|

The Evidence Gap Doesn't Wait for the Task Force

DoD's CMMC Reform Task Force reports in 60 days. Waiting to see what it says feels prudent — but evidence gaps are retroactively unfixable, and every ungoverned month is a permanent hole in the record.

AI GovernanceCMMC SuspensionAudit Trails
Compliance|

You Sign the SPRS Affirmation Alone Now

The CMMC suspension removed the third-party assessor — but the annual SPRS affirmation of NIST 800-171 compliance survives untouched. Here's what that means for whoever signs it.

SPRSNIST 800-171CMMC Suspension
Implementation|

Building an AI Approved Tool Registry for CMMC Compliance

A practical guide to creating an approved AI tool registry that satisfies CMMC Level 2 requirements and keeps your team productive.

Tool RegistryCMMCImplementation
Risk Management|

Shadow AI: The Hidden Risk in Your Defense Contracts

Your employees are using AI tools you don't know about. Here's why shadow AI is the biggest compliance threat facing defense contractors today.

Shadow AIRisk ManagementCUI
Compliance|

AI Audit Trails: What Your C3PAO Assessor Will Ask For

C3PAO assessors are asking about AI. Here's exactly what audit trail evidence you need to have ready for your CMMC Level 2 assessment.

Audit TrailsC3PAOCMMC
Compliance|

CMMC Phase 2 and AI Governance: What Defense Contractors Need to Know

CMMC Phase 2 enforcement is here. Learn how AI usage creates compliance gaps for defense contractors and what governance steps you need to take now.

CMMCAI GovernanceDefense Contractors
Strategy|

Why Banning AI Is Not a Compliance Strategy

Some defense contractors think banning AI solves the compliance problem. Here's why prohibition fails and what actually works.

AI StrategyComplianceDefense Contractors