{"id":289181,"date":"2026-07-13T16:55:00","date_gmt":"2026-07-13T20:55:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/13\/dod-suspends-cmmc-phase-2-launches-60-day-reform-review\/"},"modified":"2026-07-13T22:35:11","modified_gmt":"2026-07-14T02:35:11","slug":"dod-suspends-cmmc-phase-2-launches-60-day-reform-review","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/13\/dod-suspends-cmmc-phase-2-launches-60-day-reform-review\/","title":{"rendered":"DOD suspends CMMC Phase 2, launches 60-day \u2018reform\u2019 review"},"content":{"rendered":"<p><a href=\"https:\/\/www.nextgov.com\/acquisition\/2026\/07\/dod-suspends-cmmc-phase-2-launches-60-day-reform-review\/414740\/?orefu003dng-homepage-river\">DOD suspends CMMC Phase 2, launches 60-day \u2018reform\u2019 review<\/a><\/p>\n<p><a href=\"https:\/\/www.nextgov.com\/acquisition\/2026\/07\/dod-suspends-cmmc-phase-2-launches-60-day-reform-review\/414740\/?orefu003dng-homepage-river\">https:\/\/www.nextgov.com\/acquisition\/2026\/07\/dod-suspends-cmmc-phase-2-launches-60-day-reform-review\/414740\/?orefu003dng-homepage-river<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-13 16:55:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.nextgov.com\">www.nextgov.com<\/a><\/p>\n<p>The Defense Department has essentially ended\u00a0the Cybersecurity Maturity Model Certification program by suspending its second phase\u00a0requirements.<\/p>\n<p>DOD is keeping in place Phase 1, which requires self-assessments for how companies protect controlled unclassified information in their systems. But DOD said Monday it is suspending Phase 2, which was to begin on Nov. 10 and requires third-party certifications.<\/p>\n<p>DOD is also launching a review of CMMC to make sure it aligns with Defense Secretary\u00a0Pete Hegseth\u2019s acquisition initiatives, which prioritizes speed, and lowering barriers for new entrants. The Acquisition Transformation System directives also aim to replace bureaucratic compliance with what DOD calls \u201cscalable, resilient cybersecurity measures.\u201d<\/p>\n<p>The CMMC program got its start during the first Trump administration and was revised and streamlined during the Biden administration. CMMC has been\u00a0envisioned as a\u00a0cyber and supply chain security standard for the defense industrial base.<\/p>\n<p>According to DOD&#8217;s Monday statement, the department is responding to complaints that CMMC was increasing compliance costs and adding bureaucratic burdens.<\/p>\n<p>The Small Business Administration also reported that CMMC compliance had caused some companies to leave the defense industrial base, which DOD said is delaying the deliveries of critical capabilities to operators.<\/p>\n<p>&#8220;In support of Secretary Pete Hegseth&#8217;s directive to reduce compliance barriers for small and medium sized businesses, we are today suspending the CMMC Phase II requirements and initiating a 60-day study of the future of this program,&#8221; said DOD Chief Information Officer Kirsten Davies.<\/p>\n<p>Davies said that cybersecurity and operational resilience are critical priorities.<\/p>\n<p>\u201cWe believe the DIB can achieve both, while we reduce unnecessary government red tape,\u201d she said.<\/p>\n<p>Phase 3 of CMMC, which was to begin in November 2027,\u00a0and Phase 4 for full implementation are also all suspended.<\/p>\n<p>In the meantime, the department said it&#8230;<\/p>\n<p><a href=\"https:\/\/www.nextgov.com\/acquisition\/2026\/07\/dod-suspends-cmmc-phase-2-launches-60-day-reform-review\/414740\/?orefu003dng-homepage-river\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>DOD suspends CMMC Phase 2, launches 60-day \u2018reform\u2019 review https:\/\/www.nextgov.com\/acquisition\/2026\/07\/dod-suspends-cmmc-phase-2-launches-60-day-reform-review\/414740\/?orefu003dng-homepage-river Publish Date: 2026-07-13 16:55:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":289182,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.nextgov.com\/media\/img\/cd\/2026\/07\/13\/CMMCmoveWT20260713-1\/open-graph.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-289181","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/289181"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=289181"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/289181\/revisions"}],"predecessor-version":[{"id":289183,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/289181\/revisions\/289183"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/289182"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=289181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=289181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=289181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}