Pentagon announces 'immediate suspension' of CMMC Phase II mandates
AI Generated Image

Pentagon announces 'immediate suspension' of CMMC Phase II mandates

Breaking Defense business

Key Points:

  • The Pentagon is suspending the Cybersecurity Maturity Model Certification (CMMC) Phase II requirements, particularly the third-party assessment mandates, originally set to begin November 10, 2026, citing excessive burdens on smaller defense firms.
  • Officials emphasized that cybersecurity standards will remain a top priority, with the suspension aimed at reducing administrative red tape rather than lowering security requirements.
  • The current CMMC structure has faced criticism for being incompatible with the rapid expansion of the Defense Industrial Base (DIB), especially for small and non-traditional businesses, due to a shortage of qualified third-party assessors and complex audit demands.
  • A new task force will review the CMMC program over 60 days to recommend streamlined, realistic measures that facilitate faster capability delivery and easier compliance for smaller companies, while baseline cybersecurity compliance will continue through self-assessments based on NIST standards.
  • Defense industry stakeholders have welcomed the suspension, as previous CMMC requirements were viewed as significant obstacles, particularly for small firms lacking resources to meet compliance and assessment demands.

Trending Business

Trending Technology

Trending Health