Two formal signals dropped within two weeks of each other in mid-2026, and together they mark the first staging of AI/ML security obligations into the DFARS and CMMC frameworks. On June 2, 2026, the White House issued an Executive Order titled “Promoting Advanced Artificial Intelligence Innovation and Security.” Two weeks earlier, the National Defense Authorization Act for Fiscal Year 2026 included a Section 1513 provision requiring the Department of Defense to deliver to Congress, by June 16, 2026, a plan with timelines and milestones for incorporating an AI/ML security framework into DFARS and CMMC.
Neither document creates new contractor obligations yet. Section 1513 requires DoD to report on a plan. The EO directs federal agencies to prepare federal and private-sector systems for advanced AI within 30 days. The rulemaking that turns these signals into contractual flowdown is months to years away. But the two together remove enough ambiguity that defense contractors can now plan for AI/ML compliance obligations as a Q4 2027 to 2028 horizon item — and start the four operational moves that make sense before the rulemaking lands.
This article is the practitioner’s read on what’s known, what’s still speculative, and what defense contractors should be doing now. For broader Q2 2026 context, see our Q2 2026 compliance landscape briefing — the June 5 mid-Q2 update covers both signals among the macro shifts shaping the second half of the year.
What NDAA Section 1513 actually requires
Section 1513 of the NDAA for FY2026 directs the Secretary of Defense to deliver to the House and Senate Armed Services Committees, not later than June 16, 2026, a plan for incorporating an AI/ML security framework into DFARS and CMMC. The plan is required to include:
- Timelines and milestones for the framework’s integration into the existing DFARS and CMMC structures
- Identification of the control families that would extend or be added to address AI/ML-specific obligations
- Assessment of how the existing CMMC tiering structure (Level 1, 2, and 3) would accommodate AI/ML controls — whether as add-on requirements within existing levels, as a parallel certification track, or as a new tier
- Cost and burden analysis for defense contractors at the various tiers
- Coordination plan with the Cyber AB, NIST (particularly the AI Safety Institute, since renamed the Center for AI Standards and Innovation, and NIST AI 100-1, the AI Risk Management Framework), and the relevant DoD components
Section 1513 is a planning provision rather than an authorization. It does not create new contractor obligations. It does not direct the issuance of any DFARS clause. It does not mandate any specific control set. What it does is force DoD to publicly commit to a timeline and structure for AI/ML obligations — which, in DFARS rulemaking history, is the moment when the framework moves from “we’re thinking about this” to “here is the path.”
The report, due June 16, 2026, will be a useful read. Its content, particularly the timeline and the tier-structure analysis, will shape the next 24 months of rulemaking. Defense contractors operating in the CMMC ecosystem should plan to read it as soon as it is public.
What the June 2 AI Executive Order changes
The June 2, 2026 EO, “Promoting Advanced Artificial Intelligence Innovation and Security,” directs federal agencies on a 30-day window — by July 2, 2026 — to prepare federal and private-sector systems for advanced AI. The EO is broad; three pieces matter most for defense contractors and compliance practitioners.
First, the Committee on National Security Systems (CNSS) is directed to prioritize NSS cyber defense, with explicit reference to AI/ML threats. CNSS is the policy body that produces the CNSSI series, including CNSSI 1253, which is the substrate for the National Security Systems controls layered onto the DoD CC SRG IL5 and IL6 baselines. A prioritization signal from CNSS will work its way into subsequent SRG revisions over 12-24 months. Cloud service providers operating at IL5 or planning IL6 should expect AI-specific control additions in a future SRG revision, most likely as a National Security Systems overlay similar in structure to the NSS additions the SRG already carries for IL5 and IL6.
Second, the Treasury Department is directed to stand up an AI Cybersecurity Clearinghouse for voluntary industry and critical-infrastructure participation. The clearinghouse is intended as a shared intelligence and indicator-of-compromise platform for AI-specific threats: prompt injection campaigns, model exfiltration attempts, training-data poisoning indicators, and similar threat patterns that don’t fit the traditional MITRE ATT&CK matrices cleanly (MITRE maintains ATLAS as a separate knowledge base for exactly these adversarial-ML techniques, and it is the obvious vocabulary for clearinghouse reporting). The clearinghouse’s operating model is still being defined; the EO directs Treasury to publish initial structure within 60 days. For defense contractors, the clearinghouse will likely be most useful during the 2026-2027 window when DoD-specific AI guidance is still being developed.
Third, the EO frames AI/ML security as a federal cybersecurity priority alongside conventional NIST and CMMC tracks. This is a positioning signal rather than a rule, but it matters for compliance program planning. Federal agencies — including DoD components, GSA, and the FedRAMP PMO — now have political cover to begin AI-specific compliance work in advance of formal rulemaking. Expect the FedRAMP PMO to publish AI/ML-specific Key Security Indicators (KSIs) as part of the FedRAMP 20x Phase 3 close-out (June 30, 2026) or shortly after.
Where the rulemaking is likely to land
DFARS rulemaking history is reasonably consistent. The pattern from initial congressional direction to first clause issuance runs 18-30 months for substantive new obligations. DFARS 252.204-7012 was proposed in June 2011 (DFARS Case 2011-D039) and published as a final rule in November 2013, roughly 29 months; the cyber incident reporting obligation that Congress directed in FY13 NDAA Section 941 (signed January 2013) reached the clause as an interim rule in August 2015, roughly 31 months from statute to clause. The CMMC rulemaking that produced 32 CFR Part 170 ran from initial DoD framework publication (CMMC v1.0, January 2020) to final rule (October 2024), roughly 57 months including the v1 → v2 revision in 2021.
The AI/ML lane should run faster than CMMC v1 → v2 (which was substantively reworked) but probably similar to or slightly faster than 7012. Realistic timeline:
- June 16, 2026: DoD delivers Section 1513 report
- 2026 H2 to 2027 Q1: DoD publishes proposed AI/ML control framework, likely as a NIST collaboration product
- 2027 Q1 to Q3: Public comment period and DoD response cycle
- 2027 Q4 to 2028 Q1: First DFARS clause with AI/ML obligations published as interim or proposed rule
- 2028 Q3 to Q4: Compliance window opens for new contracts
- 2029: Phased flow-down to existing contracts at option exercise
- 2030: CMMC integration of AI/ML controls likely complete, lagging DFARS by 6-12 months
Defense contractors should plan for the first meaningful AI/ML compliance obligations to start landing in 2028, with full operationalization across the Defense Industrial Base by 2029-2030.
What’s likely in the control framework
The Section 1513 report will define the actual framework. Until it drops on June 16, the structure is speculative, but practitioner consensus is converging on a set of likely control families based on the NIST AI 100-1 framework, the EO’s threat priorities, and the existing supply chain risk management expansion in NIST 800-53 Rev 5.
Likely control families (in our practitioner read, subject to revision when the report drops):
- AI/ML supply chain — extends the existing SR family in Rev 5 to explicitly include AI/ML model providers, training data sources, and inference services as supply chain entities requiring vendor risk assessment, provenance documentation, and ongoing monitoring
- AI/ML system integrity — controls covering model output validation, training data integrity, prompt injection defense, and inference-time tamper detection
- AI/ML access control — controls extending existing AC family to address prompt-injection-as-privilege-escalation, model API access governance, and AI agent identity
- AI/ML audit and accountability — controls extending existing AU family to log AI tool usage, model inference requests, training data access, and output disposition
- AI/ML incident response — controls extending existing IR family to cover AI-system anomalies, model output that exposes CUI, training data leakage, and prompt injection on internal AI tools
- AI/ML personnel and awareness — controls covering AI-specific role-based training, AI tool usage policies, and personnel responsibility allocation for AI/ML workflows
What’s notably absent from the likely framework: AI model development controls. The Section 1513 framing is clearly about contractor use of AI/ML in CUI-handling environments and about AI/ML in the contractor supply chain — not about how AI is developed by the contractor. Defense contractors who use AI tools but don’t develop them will absorb most of the framework’s burden. Contractors who do develop AI/ML systems for DoD customers will likely face overlay obligations under existing DoD AI ethics and safety frameworks (DoD AI Principles, Responsible AI Strategy, JADC2 AI governance) that are separate from the CMMC track.
What contractors should be doing now
Four operational moves are defensible now, before the rulemaking. None require waiting for the Section 1513 report.
First, inventory AI/ML tools currently in use against CUI workflows. This is the single most useful step a contractor can take in 2026. The inventory should cover:
- Code generation tools (Copilot, Codeium, Cursor, ChatGPT-for-code)
- Documentation tools (AI-assisted Word, AI-assisted Confluence, AI summarization)
- Security tooling with ML inference (vulnerability scanners with ML triage, AI-assisted SIEM analytics, anomaly detection platforms)
- Productivity applications (AI-summarized email, AI-drafted communications, AI-assisted meeting notes)
- Custom AI/ML applications (internal chatbots, internal model deployments, AI agents)
For each, document: vendor, deployment model (cloud, on-premises, hybrid), data flow including CUI exposure, current vendor risk assessment status, current contractual controls (data processing agreement, model training opt-out, output ownership). The inventory becomes the foundation for the AI/ML supply chain section that the rulemaking will require.
Second, document data flows that include AI/ML processing. Particularly relevant for any workflow where CUI passes through AI tools — paste into copilots, AI-assisted document drafting, AI-summarized incident reports, AI-suggested code on CUI-handling repositories. The documentation should include: what data type passes through, what classification level, what controls exist on the AI tool’s data retention and training use, what evidence supports the controls. This work overlaps significantly with existing CUI enclave architecture discipline; defense contractors with strong CUI boundary documentation can extend it to cover AI/ML workflows directly.
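The inventory and data-flow documentation above become useful only when somebody checks them for gaps. The following is an added example, not tooling from the original article or from any vendor: it encodes the inventory fields the article lists (vendor, deployment model, CUI exposure, vendor risk assessment status, data processing agreement, training opt-out, retention) as pass/fail rules and reports the gaps per tool. The field names, the rule thresholds and the four sample tools are all constructed for illustration, and the rules deliberately treat an on-premises deployment differently: if prompts never leave the contractor boundary, a vendor training opt-out is moot, but model provenance and vendor assessment are still required.

```python
"""Gap check over an AI/ML tool inventory against CUI workflows.

Added example, not the article's own tooling. Field names, thresholds and the
sample inventory are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AITool:
    name: str
    vendor: str
    deployment: str                 # "cloud", "on-prem" or "hybrid" (assumed vocabulary)
    cui_categories: Tuple[str, ...] # CUI categories that pass through, e.g. ("CTI",); empty = none
    dpa_signed: bool                # data processing agreement in place
    training_opt_out: bool          # vendor contractually barred from training on submissions
    retention_documented: bool      # prompt/output retention terms recorded in the inventory
    last_vendor_assessment: Optional[date]


def check_tool(tool: AITool, today: date, max_assessment_age_days: int = 365) -> List[str]:
    """Return the list of gaps for one tool under the constructed rules."""
    gaps: List[str] = []
    if not tool.cui_categories:
        return gaps  # no CUI exposure: inventory entry only, no obligations checked here

    data_leaves_boundary = tool.deployment != "on-prem"
    if data_leaves_boundary:
        # Contractual controls matter only when CUI actually reaches the vendor.
        if not tool.dpa_signed:
            gaps.append("no data processing agreement")
        if not tool.training_opt_out:
            gaps.append("vendor may train on submitted CUI")
    if not tool.retention_documented:
        gaps.append("retention of prompts/outputs undocumented")

    # Vendor/model provenance is required regardless of where the model runs.
    if tool.last_vendor_assessment is None:
        gaps.append("no vendor risk assessment")
    elif (today - tool.last_vendor_assessment).days > max_assessment_age_days:
        gaps.append("vendor risk assessment stale")
    return gaps


def assess_inventory(tools: List[AITool], today: date) -> Dict[str, List[str]]:
    """Map every tool name to its gap list (empty list means no gaps found)."""
    return {t.name: check_tool(t, today) for t in tools}


# Constructed sample inventory; every entry is hypothetical.
SAMPLE_INVENTORY = [
    AITool("cloud-copilot", "ExampleAI", "cloud", ("CTI",),
           dpa_signed=True, training_opt_out=False, retention_documented=True,
           last_vendor_assessment=date(2026, 1, 15)),
    AITool("self-hosted-llm", "open-weights model", "on-prem", ("CTI", "EXPT"),
           dpa_signed=False, training_opt_out=False, retention_documented=False,
           last_vendor_assessment=None),
    AITool("meeting-notes-saas", "ExampleNotes", "cloud", (),
           dpa_signed=False, training_opt_out=False, retention_documented=False,
           last_vendor_assessment=None),
    AITool("ml-siem", "ExampleSIEM", "hybrid", ("CTI",),
           dpa_signed=True, training_opt_out=True, retention_documented=True,
           last_vendor_assessment=date(2024, 11, 1)),
]

if __name__ == "__main__":
    for name, gaps in assess_inventory(SAMPLE_INVENTORY, date(2026, 6, 20)).items():
        print(f"{name}: {'; '.join(gaps) if gaps else 'no gaps'}")
```

The output is the starting point for the supply chain section the rulemaking is expected to require: each non-empty gap list is a remediation item with an owner, and the on-prem entry shows why "we run it ourselves" does not remove the provenance and assessment work.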
Third, extend supply chain risk management to explicitly include AI/ML model providers. The Rev 5 SR family expansion already requires vendor risk assessment, provenance documentation, and criticality analysis for system components. Extending this framework to AI/ML model providers is mechanical: each model provider (OpenAI, Anthropic, Google, Meta, internal LLMs, smaller specialized providers) becomes an entity in the supply chain inventory with documented provenance, criticality rating, and monitoring approach. One caveat on provenance: a hosted model can change behavior under the same product name, so the record should pin the model version or snapshot identifier and the date it was assessed, not just the vendor. Contractors with mature Rev 5 SR documentation are already most of the way there; the AI/ML addition is largely documentary.
Fourth, extend incident response planning to cover AI-system anomalies. New incident categories to add to the IR plan:
- Model output that exposes CUI (e.g., AI summary that includes classified or controlled data)
- Training data leakage (e.g., model that surfaces customer data in unrelated outputs)
- Prompt injection on internal AI tools (e.g., adversarial prompts that cause AI to execute unintended actions)
- AI tool credential compromise (e.g., AI API key exposure leading to unauthorized inference)
- Model behavior drift (e.g., AI tool that begins producing materially different outputs without an explicit model update)
The 72-hour reporting obligation under DFARS 252.204-7012 (reported to DoD through DC3’s DIBNet portal) applies to AI-related incidents the same as any other: the trigger is a cyber incident that affects covered defense information or a covered contractor information system, so an AI summary that emits CUI to an unauthorized destination, or a compromised AI API key used against a CUI-handling system, is reportable. Contractors with mature incident response runbooks should add AI-specific categories now rather than retrofit them under deadline.
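Two of the incident categories above can be detected deterministically from inference logs, which is where an IR plan extension should start. The following is an added example, not code from the article or from any product: it triages a constructed JSONL inference log into "model output that exposes CUI" (a CUI banner marking in the output of a tool not authorized for CUI) and "AI tool credential compromise" (an AI API key used from outside its approved network ranges, or a key that is not registered at all). The log format, field names, the key-to-network allowlist and the four sample events are all assumptions made for this example. Prompt injection and model drift need behavioral baselines and are intentionally not attempted here.

```python
"""Triage of AI inference logs into AI-specific incident categories.

Added example, not from the article or any vendor product. The JSONL format,
field names, allowlist and sample events are constructed for illustration.
"""
import ipaddress
import json
import re
from typing import Dict, List

# CUI banner markings look like "CUI" or "CUI//SP-CTI"; the long form is also matched.
# Assumed sufficient for this demo; production detection would use the organisation's
# own marking scheme and DLP signatures.
CUI_MARKING = re.compile(r"\bCUI(?://[A-Z0-9-]+)*\b|CONTROLLED UNCLASSIFIED INFORMATION")

# Constructed sample log: one JSON object per line (event ids, tools and IPs are hypothetical;
# 203.0.113.0/24 is the TEST-NET-3 documentation range).
SAMPLE_LOG = """
{"id": 1, "tool": "doc-summarizer", "api_key_id": "k-01", "source_ip": "10.20.5.7", "output": "Summary: bracket tolerances are within spec."}
{"id": 2, "tool": "doc-summarizer", "api_key_id": "k-01", "source_ip": "10.20.5.9", "output": "CUI//SP-CTI Summary of drawing 4471: wall thickness 2.3 mm"}
{"id": 3, "tool": "enclave-assistant", "api_key_id": "k-07", "source_ip": "10.20.8.2", "output": "CUI//SP-EXPT Draft response to the export question."}
{"id": 4, "tool": "code-assist", "api_key_id": "k-03", "source_ip": "203.0.113.45", "output": "def parse(line): return line.split(',')"}
"""

# Tools that live inside the CUI boundary and are allowed to emit marked content (assumed).
CUI_AUTHORIZED_TOOLS = {"enclave-assistant"}

# Approved source ranges per AI API key (assumed); any other source is treated as misuse.
KEY_NETWORKS = {
    "k-01": ["10.20.0.0/16"],
    "k-03": ["10.20.0.0/16"],
    "k-07": ["10.20.8.0/24"],
}


def parse_log(text: str) -> List[dict]:
    """Parse JSONL, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(events: List[dict], cui_tools: set, key_networks: Dict[str, List[str]]) -> List[dict]:
    """Return one finding per rule hit, tagged with the IR category it belongs to."""
    nets = {k: [ipaddress.ip_network(n) for n in v] for k, v in key_networks.items()}
    findings: List[dict] = []
    for ev in events:
        output = ev.get("output", "")
        # Rule 1: CUI marking emitted by a tool that is not authorised to handle CUI.
        if ev["tool"] not in cui_tools:
            m = CUI_MARKING.search(output)
            if m:
                findings.append({"event_id": ev["id"], "category": "model_output_exposes_cui",
                                 "detail": f"marking {m.group(0)!r} from tool {ev['tool']}"})
        # Rule 2: API key used from an unregistered or non-approved source.
        src = ipaddress.ip_address(ev["source_ip"])
        key = ev["api_key_id"]
        if key not in nets:
            detail = f"unregistered key {key}"
        elif not any(src in n for n in nets[key]):
            detail = f"key {key} used from {src}, outside approved ranges"
        else:
            detail = None
        if detail:
            findings.append({"event_id": ev["id"], "category": "ai_tool_credential_compromise",
                             "detail": detail})
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG), CUI_AUTHORIZED_TOOLS, KEY_NETWORKS):
        print(f"event {f['event_id']}: {f['category']} ({f['detail']})")
```

Each finding maps to one of the new IR categories, which is the point: the runbook entry for "model output that exposes CUI" needs a concrete detection source, and the inference log, with tool identity and output captured, is that source. Event 3 produces no finding because the tool is inside the CUI boundary; the marking itself is not the anomaly, the destination is.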
What this is not
A few clarifying points, because the AI-in-compliance space has acquired enough speculation that practitioner clarity matters.
This is not the imposition of a new framework that supersedes CMMC. The Section 1513 framework will integrate into existing CMMC structure, not replace it. Contractors pursuing Level 2 certification in 2026-2027 should continue planning around the existing 110-control NIST 800-171 Rev 2 baseline; AI/ML controls will be additive, not substitutive.
This is not a near-term FedRAMP change. The FedRAMP 20x Phase 3 work is continuing on its own track, with closeout June 30, 2026. AI/ML KSIs may appear in Phase 3 or shortly after, but the underlying FedRAMP control baseline is unchanged by either Section 1513 or the EO.
This is not a small-business exemption opportunity. Section 1513 explicitly directs DoD to assess cost and burden across the contractor tiers but does not signal any intent to exempt small subcontractors. Defense contractors at all tiers should plan to absorb AI/ML obligations as they roll out.
This is not a 2026 compliance burden. Even an aggressive rulemaking timeline puts the first clause issuance in late 2027 with compliance windows opening 2028. Defense contractors who are doing the four operational moves above are well-positioned; contractors who wait for the rulemaking will be doing the same work under deadline pressure.
When to engage
The next 12 months are the window where defense contractors can prepare for AI/ML compliance obligations cheaply, before the rulemaking deadlines force the work under time pressure. The highest-impact engagement is during AI/ML tool adoption decisions — which tools to permit for CUI workflows, which vendors to assess, which data flows to document — because architectural decisions made now drive the future compliance cost more than later remediation can recover.
Outside advisory helps most when the contractor is:
- Currently deploying AI/ML tools into CUI-handling environments and wants the deployment to be defensible under future obligations
- Operating at CMMC Level 2 or 3 and planning the next 18 months of program evolution
- Operating under FedRAMP or DoD CC SRG authorizations and wanting to anticipate AI/ML KSIs and NSS overlay additions
- Supplying AI/ML services to DoD customers and needing to position the service for the emerging compliance framework
Our CMMC practice and FedRAMP / DoD CC SRG practice both cover the AI/ML compliance preparation work. A scoping conversation usually surfaces the operational priorities for the next 12 months in about thirty minutes.
Related reading: Q2 2026 compliance landscape briefing · CUI enclave architecture mistakes · FedRAMP Rev 5 control mapping · Inside an IL5 assessment: controls that burn CSPs first · How primes evaluate CMMC subs