{"id":289929,"date":"2026-07-15T16:39:00","date_gmt":"2026-07-15T20:39:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/15\/pentagon-suspends-cmmc-program-cbia\/"},"modified":"2026-07-15T16:40:06","modified_gmt":"2026-07-15T20:40:06","slug":"pentagon-suspends-cmmc-program-cbia","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/15\/pentagon-suspends-cmmc-program-cbia\/","title":{"rendered":"Pentagon Suspends CMMC Program \u00bb CBIA"},"content":{"rendered":"<p><a href=\"https:\/\/www.cbia.com\/news\/manufacturing\/pentagon-suspends-cmmc-certification\">Pentagon Suspends CMMC Program \u00bb CBIA<\/a><\/p>\n<p><a href=\"https:\/\/www.cbia.com\/news\/manufacturing\/pentagon-suspends-cmmc-certification\">https:\/\/www.cbia.com\/news\/manufacturing\/pentagon-suspends-cmmc-certification<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-15 16:39:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cbia.com\">www.cbia.com<\/a><\/p>\n<p class=\"wp-block-paragraph\">The Department of Defense suspended the rollout of Phase 2 of its Cybersecurity Maturity Model Certification program July 13.<\/p>\n<p class=\"wp-block-paragraph\">The move halts a requirement that was set to force tens of thousands of defense contractors into costly third-party cybersecurity audits beginning this November.<\/p>\n<p class=\"wp-block-paragraph\">Announced jointly by DoD chief information officer Kirsten Davies and Under Secretary Michael Duffey, the decision represents the most significant shift in the program since it began rolling out last year.<\/p>\n<p class=\"wp-block-paragraph\">CMMC was designed as a tiered framework requiring companies that handle federal contract information or controlled unclassified information to prove they meet specific cybersecurity controls before winning defense contracts.<\/p>\n<p class=\"wp-block-paragraph\">Phase 1, which took effect in November 2025, required contractors to complete self-assessments. Phase 2 was scheduled to begin Nov. 10, 2026, and required many contractors to pass an independent audit conducted by a certified third-party assessor organization, or C3PAO, as a condition of contract award.<\/p>\n<p class=\"wp-block-paragraph\">Phase 3, planned for 2027, added an even higher tier of government-led assessments for the most sensitive work.<\/p>\n<h4 class=\"wp-block-heading\"><strong>Why the Pentagon Pulled Back<\/strong><\/h4>\n<p class=\"wp-block-paragraph\">The announcement immediately suspends the Phase 2 transition and puts all future CMMC milestones on hold.<\/p>\n<p class=\"wp-block-paragraph\">Going forward, procuring agencies may only require contractors to hold a self-attested Level 1 or Level 2 status; any solicitation or contract that currently demands third-party or government-led certification must be amended to remove that requirement.<\/p>\n<p class=\"wp-block-paragraph\">Davies also launched a 60-day \u201ctop-to-bottom\u201d review of the entire program through a newly formed CMMC Reform Task Force, with a formal request for industry feedback due Aug. 14.<\/p>\n<p>SBA data suggested future CMMC phases could cost small and mid-sized businesses more than $7 billion annually.<\/p>\n<p class=\"wp-block-paragraph\">Officials framed the decision around cost and capacity, not a retreat from cybersecurity standards.<\/p>\n<p class=\"wp-block-paragraph\">Davies pointed to Small Business&#8230;<\/p>\n<p><a href=\"https:\/\/www.cbia.com\/news\/manufacturing\/pentagon-suspends-cmmc-certification\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pentagon Suspends CMMC Program \u00bb CBIA https:\/\/www.cbia.com\/news\/manufacturing\/pentagon-suspends-cmmc-certification Publish Date: 2026-07-15 16:39:00 Source Domain: www.cbia.com The&#8230;<\/p>\n","protected":false},"author":1,"featured_media":289930,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cbia.com\/wp-content\/uploads\/2021\/11\/CMMC-2.0.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-289929","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/289929"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=289929"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/289929\/revisions"}],"predecessor-version":[{"id":289931,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/289929\/revisions\/289931"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/289930"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=289929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=289929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=289929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}