Defense CMMC June 13, 2026

The DoD Has Until June 16 to Report on CMMC for AI. Here's What Defense Contractors Need to Govern Right Now.

The FY2026 National Defense Authorization Act included a mandate that most defense contractors haven't fully absorbed yet. Section 1513 directs the Department of Defense to develop an AI security framework and incorporate it into the Defense Federal Acquisition Regulation Supplement (DFARS) and the Cybersecurity Maturity Model Certification (CMMC) program. The DoD's plan and status update are due to Congress by June 16, 2026—this week.

This matters for defense contractors in three ways that don't leave much runway.

What NDAA Section 1513 Actually Requires

The NDAA directs DoD to build a framework that addresses AI/ML-specific security risks:

The framework must be implemented as "an extension or augmentation" of existing DoD cybersecurity frameworks—including CMMC, which was finalized in autumn 2025. Once developed, DFARS will be amended to mandate that DoD contractors implement the framework's best practices. The framework applies to entities "developing, deploying, storing, or hosting AI/ML for DoD."

The scope is broad by design. "Covered" AI/ML includes all associated components: source code, model weights, and the methods, algorithms, data, and software used to develop the AI. That means the large language model your engineers use to draft code, the AI summarization tool your contracts team uses, and the conversational AI your analysts query daily all potentially fall within scope once the framework is incorporated into DFARS.

As the Government Contracts Legal Forum noted in January 2026, "given the size and scope of DoD procurement, these contracting provisions will have a significant impact on the development of cybersecurity standards for AI/ML in the general market and may help establish de facto industry standards that extend beyond the national security sector."

CMMC Is Already Enforcing Boundaries AI Tools Are Silently Crossing

CMMC, finalized in autumn 2025, is already a live compliance requirement in DoD contracts. And CMMC's scope covers any system that touches Controlled Unclassified Information (CUI)—including the AI tools your employees use daily on work devices and in browsers.

This is the governance gap Section 1513 is designed to formalize. The incoming AI framework doesn't create a new risk class that didn't exist before. It creates explicit accountability for a risk that's already materializing in CMMC assessment boundaries right now.

Defense contractors who have scoped their CMMC boundary around traditional IT infrastructure—endpoints, cloud systems, VPNs—without accounting for AI tools that employees use to process or discuss work-related information are operating on borrowed time. The CMMC Final Rule requires third-party assessment by C3PAOs for Level 2 contracts. AI governance will be directly examined by external auditors, not self-attested.

FedRAMP Is Prioritizing AI Authorizations in Parallel

On August 18, 2025, FedRAMP began prioritizing the authorization of AI-based cloud services for federal workers—specifically services providing access to conversational AI engines designed for routine and repeated federal use. ChatGPT Enterprise and API Platform (by OpenAI), Gemini for Government (by Google), and Perplexity Enterprise Pro for Government (by Perplexity AI, Inc.) are currently listed as prioritized services working toward FedRAMP 20x Low authorization.

This creates a practical wedge for defense contractors: FedRAMP is authorizing specific AI platforms, but that authorization covers the cloud service infrastructure—not what employees type into those platforms, whether CUI exits the boundary through a browser session, or whether usage aligns with your CMMC-scoped acceptable use policies.

FedRAMP authorizes infrastructure. The governance layer that sits between user and model—the layer that monitors sessions, enforces policies, and generates the audit evidence CMMC assessors will demand—is not included in the FedRAMP authorization boundary.

The Governance Gap That Exists Today

The Section 1513 framework is still under development. DFARS hasn't been amended. The congressional status update arrives this week. But the CUI leakage risk doesn't wait for regulation to finalize.

Every defense contractor employee who opens a browser and types into an AI assistant—even one on the FedRAMP prioritization list—can inadvertently expose CUI if there's no policy enforcement layer sitting between the user and the model. The Section 1513 framework will define what contractors need to prove to CMMC assessors. The governance infrastructure to generate that proof needs to be built now, not after the DFARS update drops and assessors start asking for it.

The defense industrial base watched CMMC take years from initial NDAA mandate to enforcement. Section 1513 follows the same legislative track. The contractors who are ready when enforcement arrives are the ones who started building governance controls before the assessment requirements were finalized.


Containment.AI enforces AI governance policies at the browser layer in real time—monitoring AI sessions, enforcing CUI-sensitive policy rules, and generating the audit evidence defense contractors need as CMMC AI requirements take shape.
