Defense contractors must now prove their cybersecurity to get paid
What happened
The US Department of Defense is making its cybersecurity standards mandatory for contractors. Companies that want to work with the military must now prove they meet these standards, or they will not get contracts.
Why it matters
For years, defense contractors could largely self-attest to their cybersecurity practices. This rule means they must now undergo formal, third-party certification to secure contracts. This shifts the burden of proof and adds a new cost for many firms, especially smaller ones, but aims to reduce vulnerabilities in the defense supply chain.
The signal
Watch for how many small and medium-sized defense contractors struggle to meet the new certification requirements, and for whether the Department of Defense provides new support programs.