The Department of War's Post-Reauthorization SBIR Suite Is Live, the ART Program Is the New Centerpiece, and CMMC Level 2 Is Now the Compliance Floor. What 90 Open Topics in 60 Days Tell You About the New Defense Innovation Pipeline.

The Small Business Innovation Research and Small Business Technology Transfer programs lapsed on September 30, 2025, when the prior authorizing statute expired and Congress did not pass a clean reauthorization in time. The lapse triggered the largest disruption in the program's forty-three-year history. The Department of Defense — formally redesignated the Department of War on October 1, 2025 — stopped accepting new SBIR proposals at the end of September. Several other agencies followed. NIH closed all twenty-three of its open SBIR/STTR opportunities on November 17 (deep dive here). NSF froze its program in January 2026 and did not reopen until June. From October 2025 through April 2026, the federal small business innovation channel ran at a small fraction of its normal cadence.

The legislative impasse broke on April 13, 2026, when the President signed Public Law 119-83, the Small Business Innovation and Economic Security Act (S. 3971), reauthorizing both programs through September 30, 2031. The new authorization is not a clean rollover of the prior statute. It restructures the program around new mechanisms, new oversight requirements, and new compliance obligations. Each agency had to implement the new structure into its own solicitation practice, and the agencies have done so at very different speeds.

The Department of War moved first and fastest. On April 20, exactly one week after the President's signature, DoW issued its implementation announcement and began releasing topic solicitations under the new statutory framework. Over the next six weeks, the agency released more than ninety topics through the DSIP portal, ran a major release with a June 3 close, and queued additional releases through the summer. AFWERX and SpaceWERX, the Air Force and Space Force innovation arms, opened their own SBIR/STTR solicitations within the same window. The DSIP portal returned from a six-month dormancy with the largest topic volume of any agency in the reauthorization rollout.

For small businesses that work with the defense innovation ecosystem, the speed and scope of the DoW relaunch is the most consequential operational fact of the post-reauthorization environment. This piece works through what Public Law 119-83 changed structurally, what the Department of War's implementation looks like in practice, why the new Accelerated Research for Transition Program is the most important new mechanism, how CMMC Level 2 reshapes the compliance floor, and how small businesses should position for the post-freeze defense pipeline.

What Public Law 119-83 Changed

The Small Business Innovation and Economic Security Act is the largest structural rewrite of the SBIR/STTR statute since the 2011 reauthorization. The bill makes five changes that matter for defense applicants.

Strategic Breakthrough Awards. Section 3 of the act creates a new mechanism, restricted to agencies with SBIR/STTR budgets above $100 million, providing up to $30 million over forty-eight months for technologies pushing from a completed Phase II toward operational deployment or commercialization. Applicants must demonstrate 100 percent matching funds from new private capital or qualifying government sources. At the Department of War, additional requirements apply: demonstrated technology readiness, a commitment for inclusion in the Program Objective Memorandum from a senior acquisition official, and a minimum 20 percent match from new DoW sources outside the SBIR/STTR account.

Submission caps. Section 4 authorizes each agency to set limits on the number of proposals a single small business can submit per fiscal year, per solicitation, or per topic. The caps become effective at the start of fiscal year 2027 (October 1, 2026). The Department of War has signaled that it will issue topic-level caps, meaning a small business cannot stack five proposals against five different topics in the same release and expect all five to receive substantive review.

Enhanced national security screening. Section 2 implements broader due diligence on foreign ownership, foreign personnel, foreign collaborator relationships, and foreign investment exposure. Awards are barred to companies with connections to eight specified federal watch lists. The screening extends to cybersecurity practices, patent portfolios, and personnel affiliations. Companies denied awards receive a written basis for the determination and may reapply once the disqualifying condition is resolved.

TABA expansion. Technical and Business Assistance funding now covers cybersecurity support, I-Corps participation, and internal staff hiring for market research and intellectual property strategy. For defense-adjacent small businesses, the cybersecurity TABA expansion is the most useful change because it lets companies fold CMMC preparation costs into the SBIR budget rather than treating them as overhead.

Acquisition staff training. The act mandates that federal acquisition staff complete training on SBIR/STTR program goals, Phase III sole-source authority, and data rights. This change is invisible at the application stage but should reduce friction in DoW Phase III sole-source procurements, which have historically been the most difficult Phase III channel to execute despite the most explicit statutory authority.

How the Department of War Implemented

The DoW April 20 implementation announcement reorganized the agency's SBIR/STTR enterprise around three innovation outcomes: differentiated technology, scalable products, and operational capability innovation. The reorganization is internal taxonomy; the externally visible artifact is the topic release cadence and the new program structures.

The agency released over ninety topics in the six-week window between April 20 and June 3, with a major release closing June 3 and additional releases queued for June 24 and July 22. Each topic carries a $250,000 Phase I award ceiling under the 2026 framework, with Phase II ceilings ranging from $1.7 million to $2 million depending on component and Direct-to-Phase II availability varying by topic. The release sequencing is the part of the rollout that most differs from prior years. Historically, DoW ran two large SBIR releases per year, in roughly April and September, with topic windows of forty-five to sixty days. The post-reauthorization cadence is faster and more granular: smaller releases, shorter windows, more topics in the pipeline at any given time.

AFWERX and SpaceWERX both reopened in late April and have run their own solicitation streams through the spring. The AFWERX 26.1 SBIR Phase I Open Topic and the SpaceWERX 26.1 STTR topic stream are both active. The Air and Space Force structure permits faster turnaround than the broader DoW component solicitations because the AFWERX team has direct authority over topic releases without needing component-level Program Office sign-off for each window.

The most notable structural addition is the Accelerated Research for Transition Program — ART, in the agency's acronym preference. ART is the post-reauthorization centerpiece, and it deserves its own treatment.

Why the ART Program Is the Centerpiece

The persistent failure mode of the SBIR/STTR program at the Department of War has been the Phase III transition. The statute creates a sole-source procurement authority that allows the government to award follow-on contracts to SBIR awardees without re-competing the work, on the theory that the SBIR award itself constitutes the competitive process. In practice, Phase III contracts have historically been hard to execute because the relevant program offices — the Program Executive Offices that buy weapon systems and capabilities — often did not participate in the SBIR topic selection, did not have line-item budget for the post-Phase-II transition, and viewed the SBIR pipeline as a research function rather than an acquisition function.

The ART program tries to fix that. Under the new structure, DoW Phase II awardees can apply for ART funding to bridge the gap between Phase II completion and acquisition transition. The program requires a documented commitment from a sponsoring Program Executive Office, a defined transition path into a program of record, and a budget submission to the Program Objective Memorandum that earmarks a planned procurement of the SBIR-developed capability. In exchange, the ART award provides funding to mature the technology to acquisition-ready status — typically Technology Readiness Level 8 or 9 — and to perform the integration, testing, and certification work that an operational program of record requires.

The mechanism is the Department of War's most explicit attempt to date to connect the SBIR pipeline to the acquisition spine. The structural innovation is the up-front PEO commitment. Historically, SBIR awardees pursued PEO interest after Phase II, often without success because PEOs had no advance notice of the work. The ART requirement that PEO interest be documented before the award flips the sequencing: the acquisition side has to indicate intent in advance, which in turn forces SBIR program managers to design topics with named PEO sponsors rather than as freestanding research lanes.

For small businesses approaching Phase II completion, the ART Program is the first realistic vehicle for funded transition support that the agency has offered. Prior bridging mechanisms — including the Commercialization Readiness Program, the Defense Innovation Unit's transition awards, and various component-specific pilots — produced occasional successes but were not structural. ART is structural. Companies finishing Phase II in late 2026 and 2027 should evaluate ART seriously and should begin pre-engaging candidate PEOs now, before the topic-level ART opportunities post.

Why CMMC Level 2 Is Now the Compliance Floor

Public Law 119-83 did not create the Cybersecurity Maturity Model Certification program. CMMC predates the reauthorization and has been in phased rollout since 2020. What changed in late 2025 and early 2026 is that the CMMC Level 2 self-assessment requirement became binding on Department of War contractors that handle Controlled Unclassified Information. The effective date for the binding self-assessment was November 10, 2025. By the time the post-reauthorization topic releases began in April 2026, every DoW solicitation that requires handling of CUI carried a CMMC Level 2 self-assessment requirement.

The practical implication for SBIR applicants is that the compliance floor has risen. Under the prior regime, small businesses could win Phase I awards with informal cybersecurity hygiene — a commercial endpoint detection and response tool, basic access controls, and standard cloud-provider security — and worry about CMMC compliance at the Phase II transition. Under the current regime, the Level 2 self-assessment must be in place before the contract is awarded for any topic that touches CUI. Many of the post-reauthorization DoW topics touch CUI, including most of the topics in the Defense Sciences Office, the Microsystems Technology Office, the Biological Technologies Office, and the component-level releases from the Air Force, Navy, and Army.

Level 2 self-assessment requires implementation of the 110 controls in NIST Special Publication 800-171 Revision 2, plus annual review and renewal. For a small business with no prior cybersecurity infrastructure, the implementation cost typically runs $50,000 to $150,000 in first-year setup — covering endpoint controls, multi-factor authentication, audit logging, encrypted communications, configured backup systems, incident response procedures, and the documentation that the self-assessment requires. Annual maintenance runs $20,000 to $40,000. The TABA expansion in the new statute is designed in part to defray these costs by allowing cybersecurity support to be funded inside the SBIR budget rather than from company overhead.

Three CMMC-related missteps are most common among first-time DoW SBIR applicants. First, treating CMMC as a Phase II problem rather than a Phase I problem. The self-assessment must be in place before contract award. A company that wins a Phase I in October and is not Level-2 compliant cannot start work until the compliance gap is closed. Second, attempting to self-implement without external assistance. The 110-control framework is more demanding than typical commercial cybersecurity practice, and the documentation burden is the part most companies underestimate. A registered practitioner organization can compress the implementation timeline from twelve months to three or four. Third, ignoring the third-party verification trajectory. While the current requirement is a self-assessment, the Level 2 third-party assessment is being phased in for higher-priority contracts; companies that build to the third-party standard now avoid retrofitting later.

How Small Businesses Should Position

For small businesses evaluating the post-reauthorization DoW landscape, four positioning moves dominate the strategy.

Pick topics that align with named PEO sponsors. The post-reauthorization topic releases are structured around named PEO interest more visibly than the prior generation of topics. Topics that name a sponsoring program office are more likely to produce Phase III transition opportunities than topics that read as freestanding research. Read the topic introductions carefully and prioritize topics with explicit PEO language.

Build CMMC Level 2 compliance now, not at award. The compliance floor is non-optional. Companies that delay compliance investment until they win a Phase I will find themselves unable to start work. Budget the implementation as a 2026 capital expense and treat the TABA cybersecurity expansion as an offset rather than the primary funding source.

Map a Strategic Breakthrough trajectory before Phase II completion. The $30 million Strategic Breakthrough mechanism is the most ambitious post-reauthorization addition, but it requires a completed Phase II and 100 percent matching funds. Companies entering Phase II now should be planning the matching capital — venture rounds, government-acquisition pull-through, state economic development funds — that would qualify for the Strategic Breakthrough match. Companies that wait until Phase II completion to think about the match typically cannot assemble it in time.

Watch the submission cap rollout closely. The October 1, 2026, effective date for submission caps means that the upcoming summer release windows are the last opportunity to file high-volume application portfolios at the Department of War. Companies that have historically run shotgun strategies — five or six proposals across a release — should use the remaining caps-free windows strategically and prepare to consolidate around two or three strong proposals per release once the caps take effect.

What the Post-Freeze Pipeline Tells You

The Department of War's six-week sprint from reauthorization to ninety-plus open topics is structurally different from the agency's historical SBIR/STTR cadence. The faster release tempo, the new ART program, the Strategic Breakthrough mechanism, the explicit PEO sponsorship requirements, and the hard CMMC Level 2 floor combine to produce a defense innovation pipeline that is more demanding at the front end and more rewarding at the back end. The entry barriers are higher; the transition pathways are clearer.

For founders who have run defense SBIR programs through the prior decade, the new structure is a meaningful upgrade — provided they invest in the CMMC compliance and the PEO engagement work that the new floor requires. For first-time defense applicants, the entry barriers are real and should be priced into the decision to engage with the channel. The TABA expansion makes the cybersecurity investment partially recoverable, and the ART and Strategic Breakthrough mechanisms make the back end materially more valuable than it was eighteen months ago. But the gap between casual SBIR shopping and serious defense innovation engagement is wider after Public Law 119-83 than it was before.

The summer release windows through August will be the proving ground. Companies that compete strongly in those windows — with PEO-aligned topic selection, completed CMMC self-assessments, and credible Phase III transition narratives — will define what the post-reauthorization defense SBIR program looks like for the next five years. The agency moved fast. The applicants need to move faster.