US Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) Phase II Suspended the Phase II requirements pending review and announced a 60-day program review
Public Sector Action
Summary
Hide ▲
Show ▼
The US Department of Defense suspended CMMC Phase II requirements pending review, delaying a planned November 10, 2026 compliance step for defense contractors and subcontractors handling FCI and CUI. The pause affects the move from self-attestations to independent assessments by C3PAOs, which had been intended to verify compliance with NIST SP 800-171. The review could reshape cybersecurity obligations across the defense industrial base and slow the rollout of stricter certification enforcement.
Related Happenings
Pentagon suspends CMMC phase two for 60-day review
Public Sector Action
H score24
First: 14.07.2026 09:37
Last: 14.07.2026 09:37
Sources 1
About this happening:
The **Pentagon** suspended **CMMC phase two** and opened a **60-day review**, delaying new certification requirements for **defense contractors** and **subcontractors**. The pause...
Pentagon suspends CMMC phase two for 60-day review
Public Sector ActionAbout this happening: The **Pentagon** suspended **CMMC phase two** and opened a **60-day review**, delaying new certification requirements for **defense contractors** and **subcontractors**. The pause...
DoD final CMMC rule and ISACA credentialing rollout
Public Sector Action
H score25
First: 17.12.2025 16:05
Last: 17.12.2025 16:05
Sources 1
About this happening:
The **US Department of Defense** published the **final CMMC rule**, starting a **three-year rollout** of cybersecurity requirements across **DoD contracts**. The change matters be...
DoD final CMMC rule and ISACA credentialing rollout
Public Sector ActionAbout this happening: The **US Department of Defense** published the **final CMMC rule**, starting a **three-year rollout** of cybersecurity requirements across **DoD contracts**. The change matters be...
Timeline
-
14.07.2026 18:28 2 articles · 3h ago
DoD suspends CMMC Phase II and launches 60-day review
Legal Policy Action UpdateThe US Department of Defense suspended CMMC Phase II requirements pending a review of the program, pausing the planned November 10, 2026 shift to mandatory independent assessments for defense contractors handling federal contract information (FCI) and controlled unclassified information (CUI). During the interim, the DoD said it will enforce cybersecurity compliance with NIST SP 800-171 Rev 2 through self-assessments and select government-led assessments while a CMMC Reform Task Force conducts a 60-day review.
Show sources
- US: Pentagon Suspends CMMC Phase II Requirements for Defense Contractors — www.infosecurity-magazine.com — 14.07.2026 18:28
- US: Pentagon Suspends CMMC Phase II Requirements for Defense Contractors — www.infosecurity-magazine.com — 14.07.2026 18:28
-
14.07.2026 18:28 1 articles · 3h ago
Experts urge contractors to keep CMMC compliance efforts after the delay
Industry Or Public Sector UpdateDave Schroeder of the University of Wisconsin Madison said the pause likely reflects not enough contractors being ready for CMMC Phase II by Nov 10, and Nelina Varenas warned that defense contractors should not treat the delay as a reason to abandon compliance efforts because CMMC Level 1 self-assessment requirements remain in place. The guidance framed the suspension as additional time to strengthen cybersecurity practices before any future enforcement resumes.
Show sources
- US: Pentagon Suspends CMMC Phase II Requirements for Defense Contractors — www.infosecurity-magazine.com — 14.07.2026 18:28