Pentagon announces ‘immediate suspension’ of CMMC Phase II mandates

Pentagon announces ‘immediate suspension’ of CMMC Phase II mandates

Pentagon announces ‘immediate suspension’ of CMMC Phase II mandates

https://breakingdefense.com/2026/07/pentagon-announces-immediate-suspension-of-cmmc-mandates/

Publish Date: 2026-07-13 18:46:00

Source Domain: breakingdefense.com

WASHINGTON — The Pentagon is suspending part of its cybersecurity requirements for industry, specifically related to third party assessments, citing onerous burdens on especially smaller defense firms.

“In support of Secretary of War Hegseth’s directive to aggressively scale warfighter readiness, I’m announcing the immediate suspension of the Cybersecurity Maturity Model Certification, or CMMC, Phase II requirements, which were originally scheduled to go into effect November 10, 2026,” Kirsten Davies, chief information officer, told reporters at the Pentagon today, using the secondary name for the secretary of defense. “I want to be clear across the Department of War and our defense industrial base, investing in and dynamically maintaining robust cybersecurity remains a critical non-negotiable priority. This action does not eliminate the legal requirement for our industry partners to protect federal data.”

Davies added later, “We are not reducing cybersecurity through this measure. We are reducing the red tape.”

A July 10 memo released by the Pentagon today notes that the current iteration of CMMC imposes “significant and often prohibitive burdens on the Defense Industrial Base (DIB), particularly the small and non-traditional businesses that are the engine of American innovation. While cybersecurity is essential, administrative compliance cannot come at the cost of warfighting capability and industrial base growth.”

The current administration has made it a top priority to loosen perceived bureaucratic restrictions and hurdles in order to speed up the delivery of systems and capabilities while seeking to simultaneously grow the industrial base.

CMMC has been in the works since at least 2019, during the first Trump administration. At the time, there was worry that America’s enemies were able to infiltrate contractors and suppliers to steal information and aggregate it to gain a significant advantage. The program…

Source