NatSec CMMC June 9, 2026

Section 1513 Just Pulled AI Into the CMMC Perimeter. The Browser Layer Defense Contractors Still Own.

The FY26 NDAA's Section 1513 directs DoD to fold AI and ML technologies into CMMC and DFARS — and Congress is due a status update on June 16, 2026. The contractor-side boundary that the statute doesn't reach is the one your engineers cross every time they paste source into Claude.

The FY26 National Defense Authorization Act has done something the cybersecurity standards bodies have spent two years circling: it has formally pulled artificial intelligence and machine learning into the Cybersecurity Maturity Model Certification regime that already governs the defense industrial base.

It did it quietly, in a single section of a 3,000-page bill, and it set a deadline that is now one week away.

What Section 1513 Actually Says

The relevant provision is Section 1513 of the FY26 NDAA. According to the Crowell & Moring client alert summarizing the law, Section 1513 "directs the Department of Defense (DoD) to develop and implement a framework addressing the cybersecurity and physical security of artificial intelligence and machine learning technologies (AI/ML) acquired by the Pentagon." That framework, in turn, is to be folded into the Defense Federal Acquisition Regulation Supplement (DFARS) and the CMMC program — both of which already define the cybersecurity floor for every prime contractor and subcontractor in the defense industrial base. Crowell summarizes the mechanism: the framework "must be implemented as 'an extension or augmentation' of existing DoD cybersecurity frameworks, including CMMC." (Crowell & Moring)

The scope of what gets pulled in is broad. The framework applies to "covered" AI/ML, which Crowell describes as "AI/ML acquired by DoD and all associated components, including source code, model weights, and the methods, algorithms, data, and software used to develop the AI/ML." Not just the model. The training data, the algorithms, the development pipeline. (Crowell & Moring)

The deadline that matters this month: Section 1513 "does not provide an implementation deadline for the framework or security requirements but instructs the DoD to create a plan establishing implementation timelines and milestones and to provide a status update to Congress by June 16, 2026." (Crowell & Moring) That status update is the moment when the first concrete contours of CMMC-for-AI become public.

Why This Is Not Just "Another AI Policy"

There is a useful comparison hidden in the same alert. CMMC itself "began with a provision in the FY2020 NDAA and took years to finalize, only recently coming into effect. Despite its slow burn, many contractors have found themselves unprepared for CMMC's roll-out." (Crowell & Moring) The FY26 NDAA is now starting the same clock, on a different technology, against the same defense industrial base.

Section 1513 sits inside a deliberate cluster of AI/ML cybersecurity directives. Section 1512, according to the WilmerHale alert on the NDAA, "requires the Pentagon, in coordination with other agencies, to establish a comprehensive cybersecurity and governance policy for all AI and machine learning systems used within the Pentagon within 180 days of enactment. The policy must address risks such as adversarial attacks, data poisoning and unauthorized access while ensuring continuous monitoring and incident reporting." (WilmerHale) Section 1533, separately, tasks the Secretary of Defense "with establishing a cross-functional team for AI model assessment and oversight by June 2026." (WilmerHale)

The trio is coordinated. Section 1512 builds the Pentagon's internal AI/ML cybersecurity policy. Section 1513 turns that policy into something contractors will be assessed against, via DFARS and CMMC. Section 1533 is the model-assessment governance layer. Together they describe a regulatory perimeter that didn't exist eighteen months ago.

And that perimeter is going to extend. As Crowell notes, "Given the size and scope of DoD procurement, these contracting provisions will have a significant impact on the development of cybersecurity standards for AI/ML in the general market and may help establish de facto industry standards that extend beyond the national security sector." (Crowell & Moring) Translation: what gets written for the defense industrial base in 2026 sets the floor for AI cybersecurity expectations in regulated industries in 2027 and beyond.

What Section 1513 Doesn't Reach

The statute is precise about what it covers: AI/ML "acquired by DoD," with the framework applying to "covered entit[ies]," defined by Crowell as "entities entering into contracts or agreements with the DoD for the development, deployment, storage, or hosting of covered AI/ML." (Crowell & Moring)

That scope is large. It is also bounded. Section 1513 governs the AI/ML systems and components that the Pentagon procures. It governs the cybersecurity posture of the contractors that build, host, or deliver those systems. What it does not, on its face, govern is the day-to-day generative-AI consumption that takes place inside a defense prime's engineering organization — the cleared software engineer who copies a function from a controlled-source repository into Claude or ChatGPT to ask for a refactor, the program manager who pastes a procurement memo into a public LLM to summarize it, the analyst who uploads a slide deck to a consumer-grade chat tool for a one-line summary.

Those data flows are not what the framework directly addresses. But they are exactly the data flows that drive most defense-industrial-base AI risk in 2026. The technology that Section 1513 regulates lives mostly in formal program offices; the technology that creates incidents lives in employees' browser tabs.

The DoD's own posture acknowledges the acceleration. Secretary Hegseth's January 12, 2026 AI Strategy for the Department of War directs the CDAO "to establish a delivery and integration cadence with AI vendors that enables the latest models to be deployed within 30 days of public release," and to make that cadence "a primary procurement criterion for future model acquisition." (DoD AI Strategy, Jan 12 2026) Faster procurement of AI on the DoD side means faster diffusion of frontier-model usage on the contractor side. The compliance team's job is to govern that diffusion before the first incident report.

What Defense Primes and Aerospace OEMs Should Be Doing Before June 16

The June 16 status update will not, on its own, finalize the framework. It will publish the timeline and milestones. That is enough to start preparing.

1. Map the AI/ML surface inside your company that you cannot today produce a log for. Section 1513 will eventually require defense contractors to demonstrate cybersecurity controls over covered AI/ML — and contractors who can produce an audit trail of every prompt and response that crossed the boundary between an employee and an external model will be unambiguously ahead of contractors who cannot. Most defense primes today cannot.

2. Treat the employee-facing generative AI layer as in-scope, even though Section 1513's literal text does not yet require it. As the Freshfields alert frames the broader trajectory of AI security requirements in the FY26 NDAA, contractors that "anticipate and tailor their product lines to satisfy these unique security concerns will be well positioned." (Freshfields) The framework will move. The audit-trail expectation will not narrow over time.

3. Establish a policy layer that fires before sensitive data leaves the workstation. Section 1513's risk-based framework, as WilmerHale summarizes, addresses "adversarial attacks, data poisoning and unauthorized access while ensuring continuous monitoring and incident reporting." (WilmerHale) For a defense prime, "unauthorized access" includes the case where controlled technical data is pasted into an LLM that lies outside the contractor's certified boundary. Stopping that paste — and logging the attempt — is the part of the perimeter the statute does not give you. You have to build it.

4. Get your compliance, security, and engineering leadership reading the June 16 status update the day it lands. The contractors that survived CMMC's first wave were the ones who watched the rulemaking before the rule, not after.


The FY26 NDAA's Section 1513 is the clearest signal yet that the cybersecurity perimeter around defense-industrial-base AI is going to be measured the same way the data perimeter has been measured for a decade: by what you can prove, in an audit, that you controlled. The Pentagon-side framework is on a defined schedule. The contractor-side boundary — the layer where engineers actually interact with frontier models — is not in the statute. It is in your operating posture.

Containment.AI enforces AI governance policies in real time at the proxy layer, in the browser, and in the admin dashboard. If your team supports DoD programs and needs an auditable record of every AI interaction that crossed your contractor boundary, request a demo.
