Pentagon suspends CMMC phase two for 60-day review
Public Sector Action
Summary
Hide ▲
Show ▼
The Pentagon suspended CMMC phase two and opened a 60-day review, delaying new certification requirements for defense contractors and subcontractors. The pause pushes back the planned November 10, 2026 rollout of Level 2 third-party certification assessments for new contracts, while phase one requirements remain in force. Officials said the review may lead to scaled-back security measures to reduce compliance burdens on small and nontraditional businesses.
Related Happenings
Trump executive order sets federal PQC migration deadlines
Public Sector Action
H score23
First: 23.06.2026 18:16
Last: 23.06.2026 18:16
Sources 1
About this happening:
President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...
Trump executive order sets federal PQC migration deadlines
Public Sector ActionAbout this happening: President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...
EO 14409 orders federal PQC migration
Public Sector Action
H score23
First: 23.06.2026 17:00
Last: 23.06.2026 17:00
Sources 1
About this happening:
**EO 14409** forces **US federal agencies** to accelerate their **post-quantum cryptography (PQC)** migration, imposing deadlines that reach **2030-2031** and affecting the securi...
EO 14409 orders federal PQC migration
Public Sector ActionAbout this happening: **EO 14409** forces **US federal agencies** to accelerate their **post-quantum cryptography (PQC)** migration, imposing deadlines that reach **2030-2031** and affecting the securi...
Executive order NSA CISA NIST and Treasury Department created a voluntary pre-release review framework a classified benchmark federal hardening directives and an AI cybersecurity
Public Sector Action
H score26
First: 03.06.2026 14:00
Last: 03.06.2026 14:00
Sources 1
About this happening:
President Donald Trump signed a **June 2 executive order** creating a **voluntary pre-release cybersecurity review** for **covered frontier AI models**, giving the US government a...
Executive order NSA CISA NIST and Treasury Department created a voluntary pre-release review framework a classified benchmark federal hardening directives and an AI cybersecurity
Public Sector ActionAbout this happening: President Donald Trump signed a **June 2 executive order** creating a **voluntary pre-release cybersecurity review** for **covered frontier AI models**, giving the US government a...
CERT-In 12-hour KEV remediation guidance
Advisory/Mitigation
H score39
First: 26.05.2026 13:30
Last: 26.05.2026 13:30
Sources 1
About this happening:
CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...
CERT-In 12-hour KEV remediation guidance
Advisory/MitigationAbout this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...
CISA KEV directive for CVE-2026-20133
Public Sector Action
H score36
First: 21.04.2026 15:30
Last: 21.04.2026 15:30
Sources 1
About this happening:
On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...
CISA KEV directive for CVE-2026-20133
Public Sector ActionAbout this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...
Timeline
-
14.07.2026 09:37 2 articles · 2h ago
Pentagon suspends CMMC phase two requirements
Legal Policy Action UpdateThe Pentagon suspended Cybersecurity Maturity Model Certification (CMMC) phase two requirements that were set for November 10, 2026, and opened a 60-day review of the program. The pause keeps phase one requirements in place, and the newly formed CMMC review and reform task force will gather industry feedback and recommend scaled-back security measures for contractors handling FCI or CUI.
Show sources
- Pentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity Rules — www.securityweek.com — 14.07.2026 09:37
- Pentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity Rules — www.securityweek.com — 14.07.2026 09:37