Defense contractors already know the shift in cybersecurity: it used to be enough to simply self-attest compliance with DFARS/NIST.
Now, under CMMC, contractors must formally attest, and in many cases certify through third-party assessments with requirements going live November 10, 2025.
But here’s another risk: under DoD policy, contractors supporting overseas missions must already maintain Law of War compliance programs and receive training even if personnel remain stateside.
Unlike CMMC, there is currently no overall formal self-attestation requirement for Law of War compliance. However, the DoD’s trend is clear: where risk is high, trust alone isn’t always enough.
With global conflict rising, it’s reasonable to expect that Law of War obligations could evolve into a formal attestation regime.
Forward-leaning defense and space contractors can reduce risk now by ensuring already-required compliance programs are real, documented, and auditable before the government asks for proof.
In the process, these companies are protecting their contracts, operations, and reputations while mitigating harm to protected groups.
🚀 Conflict Orbit is a private law firm focused exclusively on Law of War compliance. Is your program ready?
Richard Waring
Conflict Orbit
South Carolina Office: 40 Calhoun St., Suite 250F, Charleston, SC 29401
D.C. Office: 1050 Connecticut Ave., Suite 500 #5029, Washington, D.C. 20036
Disclaimer: Conflict Orbit is a private entity unaffiliated with the U.S. Government. The views are those of Richard Waring in his private capacity. This post is for informational purposes only and is not legal advice. Viewing or responding to this post does not create an attorney-client relationship. There is no guarantee of results. All information is based on publicly available sources.
Licensed to practice law in South Carolina and in the District of Columbia (D.C.).