Government contracting M&A is accelerating. According to The McLean Group, Q1 2026 was the strongest single quarter for Defense M&A, with 104 closed transactions. This increase is partly influenced by the US General Services Administration’s procurement consolidation, which is reshaping how federal spending flows through managed vehicles. 

But what buyers are really acquiring is not just revenue. It is permissions: permissions to bid on set-aside work, use contract vehicles, handle sensitive data, and recover costs. Six converging changes in 2026 threaten to strip those permissions away at the moment of transaction. 

For private equity buyers in particular, where deal models often underwrite revenue stability and set-aside transferability, the stakes are significant. 

1. DOGE Terminations and the Government Shutdown Are Distorting Financials

By February 2025, DOGE had terminated more than 2,400 contracts and issued stop-work orders on 200+ more, with professional services hit the hardest. The 43-day government shutdown that followed delayed payments, stalled awards, and created unusual accounts receivable patterns across the industry. 

Standard Quality of Earnings (QoE) normalization removes isolated one-time items. It is not built for overlapping disruptions affecting revenue, backlog, collections, and pipeline simultaneously. Buyers treating DOGE terminations as a simple add-back exercise miss the bigger question: is the remaining revenue base stable? 

What this means for diligence: 

  • Civilian services revenue and defense technology revenue now carry different forward-risk profiles and should be modeled separately 
  • Shutdown-driven AR aging is a timing issue; pre-existing aging may signal credit or collection risk 
  • Backlog tied to affected agencies or vehicles requires separate sensitivity analysis, not a blended haircut 

2. FY2026 NDAA Changes to CAS and TINA Thresholds Create Hidden Exposure 

The FY2026 National Defense Authorization Act (NDAA) raised thresholds for Cost Accounting Standards (CAS) coverage and certified cost or pricing data requirements under the Truthful Cost or Pricing Data Act (formerly TINA). In plain terms, the bar moved up, so fewer contracts trigger these rules than before

Table showing CAS and TINA threshold changes under the FY2026 NDAA. Full CAS coverage increases from $50M to $100M. Contract-level CAS applicability increases from $2.5M to $35M. TINA threshold for defense contracts increases from $2.5M to $10M for contracts signed after June 30, 2026. Includes a legacy liability risk note that defective pricing liability on contracts certified under the previous $2.5M rule survives the acquisition.

Defense contracts certified under the previous $2.5 million pricing threshold may continue to present defective pricing risk after a transaction closes. While the threshold has since increased, potential liability tied to contracts awarded under the earlier requirement may still remain. 

Most buyers ask whether the target is CAS-covered today. The better diligence question is what gets triggered after close. If the combined company’s award profile crosses the new CAS thresholds, future CAS-covered awards may trigger Disclosure Statement obligations, FAR Part 30 notices, and changes to established cost accounting practices. 

Nontraditional defense contractor (NDC) status is now a key diligence item. NDCs generally have not performed full CAS-covered DoD work during the relevant one-year look-back period, and new FY2026 NDAA exemptions may reduce their cost, pricing, and business-system compliance burdens. Because NDC status is tied to the entity that will hold or perform DoD work, buyers must confirm whether NDC-based exemptions remain available under the deal structure before building them into margin forecasts. 

3. SBA Recertification Rules Have Reduced the Transferability of Set-Aside Revenue 

Buying a small government contracting firm can put its future set-aside revenue at risk.  

Effective January 16, 2025, the Small Business Administration (SBA) changed its recertification rules, which now limit when acquired small businesses can continue  competing for set-aside work after losing small business status. 

The impact is not the same for every contract type. Use the colors below as a quick guide. Red means eligibility ends right away. Yellow means it may end soon or depends on the details. Green means a narrow path may still exist. 

For private equity platform transactions, this is a big deal. Set-aside revenue often gets valued as if it would turn into open, unrestricted revenue over time. Do not value it that way unless you have confirmed eligibility through a vehicle-by-vehicle review. 

These rules encourage small-to-small business M&A because they may preserve set-aside vehicle eligibility that a large-buys-small transaction would lose after recertification.  

4. CMMC 2.0 Puts Revenue and Deal Value at Risk 

Defense contractors that handle Controlled Unclassified Information (CUI) need a credible path to Cybersecurity Maturity Model Certification (CMMC) 2.0 readiness. Beginning November 10, 2026, applicable DoD solicitations may require Level 2 certification by a CMMC Third-Party Assessment Organization (C3PAO) as a condition of award. Without one, they may carry revenue at risk on DoD solicitations, options, and recompetes that require CMMC status. This process can take nine to 18 months. So any target without an active CMMC plan is already behind. 

There is a second risk that is just as serious. False Claims Act (FCA) exposure for past cybersecurity misstatements does not disappear when the deal closes. The Department of Justice has actively pursued these cases through its Civil Cyber-Fraud Initiative. Treat CMMC status as a critical diligence item, not something to fix after close. 

For a deeper framework, read Assessing Cybersecurity During M&A Due Diligence

5. The Shift to Firm-Fixed-Price Contracts Is Increasing Post-Close Margin Risk 

On April 30, 2026, the White House issued an Executive Order making fixed-price, performance-based contracting the default and preferred approach for federal procurement. Agencies now need written justification and, above certain thresholds, written approval to use non-fixed-price contracts. For buyers, this shift pushes cost risk straight onto the contractor. 

Why does that matter after a deal? Under firm-fixed-price (FFP) contracts, integration costs, added overhead, new management layers, and platform expenses come out of the contractor’s margin. The government does not pick up the tab. So, a target can look stable in historical financials while carrying far more forward margin risk than the QoE shows. 

The fix is straightforward. Track the contract type mix over at least three years. Then model what happens to margins if indirect costs rise after closing, as they often do in a combined company. 

6. Contract Vehicle and AI Capability Premiums Require Deeper Diligence 

Some of the highest premiums in government contracting M&A today are tied to two things: contract vehicle access and AI capability. Access can include OASIS+, Alliant 3, SEWP, and Other Transaction Authority (OTA) agreements. Winning comparable positions organically can take years. Buying them is often faster. 

But the premium only holds if the value survives the deal. The FY2026 defense budget request includes $13.4 billion for autonomy and autonomous systems, which keeps buyer appetite for AI-ready targets strong. These deals often surface problems that standard diligence was never built to catch: 

  • Government data baked into AI models 
  • Gaps in FedRAMP or DoD Impact Level authorization 
  • Open-source, model, or data license limits in restricted environments 
  • Data rights that are unclear or tied up 

Before you set a valuation, pull the transfer provisions, OTA assignment clauses, model and training data licenses, AI capability documentation, and key employee agreements. The premium you pay should match the value that actually transfers.

The 2026 Bottom Line for Buyers 

The deals that win in 2026 will be the ones where buyers look past the backlog. The real work is to confirm what survives the deal: contract access, compliance standing, margin durability, and key talent. Each of the six changes above can quietly drain value from a transaction if you miss it during diligence. With deal activity climbing, the cost of getting it wrong is climbing too. 

This is where specialized guidance pays for itself. CrossCountry’s M&A Advisory team helps buyers spot the risks that standard diligence overlooks, so you protect every dollar of the price you pay. 

Ready to pressure-test your next government contracting deal? Contact CrossCountry today and move forward with confidence. 

Connect with an expert

Laura Adams

Accounting Advisory and Government Contracting Lead

See Bio

Contributing Author

Andrea Miguelez