Skip to main content
govconCyber

The Free Cybersecurity Law Reference for Government Contractors

Your plain-language map to the national procurement cybersecurity ecosystem.

Find My RequirementsExplore the Reference Library ↓

Start here: the baseline you already owe

Before any FAR or DFARS clause applies, federal and state law already requires your business to secure data and report breaches — the FTC Act, all-50-state breach laws, and rules like GLBA and HIPAA. The contractor requirements build on top of that legal baseline. Make sure you meet it first.

See the legal baseline →

Recent Developments

June 2026Rule Updates

Trump's AI Executive Order: What the Frontier-Model Review and Coming CISA Directives Mean for Contractors

A June 2, 2026 executive order sets up a voluntary pre-release security review of frontier AI models and puts CISA on a 30-day clock for new cyber directives. Most binding obligations reach contractors through agencies, clauses, and the supply chain.

Read more →
June 2026Rule Updates

CIRCIA Is Almost Final: The Third Cyber-Reporting Clock Contractors Can't Ignore

CISA's long-delayed cyber-incident reporting rule is back in finalization. For government contractors, it adds a third reporting clock on top of the ones you already run.

Read more →
June 2026Analysis

"CMMC for AI": What the NDAA's New AI Security Framework Means for Defense Contractors

The FY2026 defense law directs DoD to build a security framework for the AI it buys and wire it into DFARS and CMMC. A status report to Congress is due June 16, 2026.

Read more →
May 2026Compliance Guidance

What Is CMMC 2.0 and Who Does It Apply To?

CMMC 2.0 is live and phasing into DoD contracts. Here is what the program requires, the three levels, and who needs which.

Read more →
View all updates →

Not Sure Where to Start?

GovConCyber is a free legal reference — not a law firm. We cover the federal cybersecurity rules that apply to government contractors: what they require, who they apply to, and what you need to do. Start here if you're new to the site.

Find My Requirements

Answer a few questions about your contract type and data to get a plain-language summary of your obligations.

Get started →

New to Cyber Compliance?

Start with the fundamentals: what the key frameworks are, why they exist, and how they affect your contracts.

Read the basics →

Look Up a Term

Plain-language definitions for CUI, CMMC, DFARS, FedRAMP, and many other key terms.

Browse the glossary →

Browse the Reference Library

Federal Requirements

FAR, DFARS, frameworks, and agency-specific rules

State Requirements

State-level cyber laws affecting government contractors

Industries

Sector-specific obligations: defense, healthcare, finance, and more

Compliance Tools

Checklists, templates, and program-building guides

Enforcement

Actions, penalties, and False Claims Act case law

Learn

Cybersecurity 101 and a plain-language glossary

About GovConCyber

GovConCyber is a free, independent legal reference for government contractors. We translate complex federal cybersecurity requirements into plain English — without the billable hour. Content is reviewed for accuracy against the underlying statutes, regulations, and official guidance, and updated periodically as those rules evolve.

Learn more about this site →
Free to Use
No paywalls, no subscriptions, no ads.
Sourced to Primary Law
Every factual claim is cited to the underlying statute, regulation, or official agency document.
Updated Periodically
Pages are reviewed for accuracy and carry a visible 'Last reviewed' date — see the date on each page.