Find notable cyber news and cases, enriched with sources, timelines, and signals.

Pentagon suspends CMMC phase two for 60-day review

Public Sector Action
First reported
Last updated
Happening score
H score 24
1 unique sources, 1 articles

Summary

Hide ▲

The Pentagon suspended CMMC phase two and opened a 60-day review, delaying new certification requirements for defense contractors and subcontractors. The pause pushes back the planned November 10, 2026 rollout of Level 2 third-party certification assessments for new contracts, while phase one requirements remain in force. Officials said the review may lead to scaled-back security measures to reduce compliance burdens on small and nontraditional businesses.

Related Happenings

Trump executive order sets federal PQC migration deadlines

Public Sector Action
H score23 First: 23.06.2026 18:16 Last: 23.06.2026 18:16 Sources 1

About this happening: President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...

EO 14409 orders federal PQC migration

Public Sector Action
H score23 First: 23.06.2026 17:00 Last: 23.06.2026 17:00 Sources 1

About this happening: **EO 14409** forces **US federal agencies** to accelerate their **post-quantum cryptography (PQC)** migration, imposing deadlines that reach **2030-2031** and affecting the securi...

Executive order NSA CISA NIST and Treasury Department created a voluntary pre-release review framework a classified benchmark federal hardening directives and an AI cybersecurity

Public Sector Action
H score26 First: 03.06.2026 14:00 Last: 03.06.2026 14:00 Sources 1

About this happening: President Donald Trump signed a **June 2 executive order** creating a **voluntary pre-release cybersecurity review** for **covered frontier AI models**, giving the US government a...

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
H score39 First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

CISA KEV directive for CVE-2026-20133

Public Sector Action
H score36 First: 21.04.2026 15:30 Last: 21.04.2026 15:30 Sources 1

About this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...

Timeline

  1. 14.07.2026 09:37 2 articles · 2h ago

    Pentagon suspends CMMC phase two requirements

    Legal Policy Action Update

    The Pentagon suspended Cybersecurity Maturity Model Certification (CMMC) phase two requirements that were set for November 10, 2026, and opened a 60-day review of the program. The pause keeps phase one requirements in place, and the newly formed CMMC review and reform task force will gather industry feedback and recommend scaled-back security measures for contractors handling FCI or CUI.

    Show sources