DOD halts cybersecurity requirements for CMMC Phase 2: ‘The math just simply doesn’t math’ 

DOD halts cybersecurity requirements for CMMC Phase 2: ‘The math just simply doesn’t math’ 

DOD halts cybersecurity requirements for CMMC Phase 2: ‘The math just simply doesn’t math’ 

https://defensescoop.com/2026/07/13/dod-halts-cmmc-cybersecurity-requirements-phase-2/

Publish Date: 2026-07-13 17:40:00

Source Domain: defensescoop.com

The Pentagon placed an immediate freeze on forthcoming cybersecurity requirements after government research suggested the policy would drive many businesses out of the defense industrial base at a time when the U.S. military urgently needs their innovations.

Defense Department Chief Information Officer Kirsten Davies and Under Secretary of Defense for Acquisition and Sustainment Michael Duffey unveiled plans Monday to suspend the much-anticipated Cybersecurity Maturity Model Certification (CMMC) Phase 2 requirements that were set to take effect Nov. 10. A new CMMC Reform Task Force is expected to conduct a review of the entire program and submit a report of its findings and recommendations within the next 60 days. 

This major pause comes as contractors have been hustling to obtain third-party assessments of their CMMC compliance in preparation for that near-term enforcement date.

“Every dollar spent on security is a wise dollar spent, and so those who have been forward leaning in in uplifting their cyber posture — in assessing what their posture is, and doing something about it — they have contributed to national security,” Davies told a small group of reporters ahead of the official announcement. “That is not money that is spent in vain, and so that is a huge message.”

The Pentagon plans to release a new request for information to garner stakeholders’ feedback on the move and associated compliance challenges. The CMMC Reform Task Force will analyze the responses as part of its upcoming review of the program.

“We’re standing that up, effective today. So that will be a cross-department task force with representatives from the Office of the CIO, [and other directorates including] from Acquisition and Sustainment, from Research and Engineering, Information and Security, Legislative Affairs, Public Affairs, Legal,” Davies told DefenseScoop. “It’s truly going to be a cross-functional team.”

CMMC is a tiered…

Source