www.securityweek.com 7/14/2026, 6:51:14 AM · external

Pentagon pauses CMMC Phase Two rollout for 60 day review

Pentagon pauses CMMC Phase Two rollout for 60 day review
CyberSIXT Evidence Panel Source marked as original reporting

THE Pentagon has suspended the implementation of the Cybersecurity Maturity Model Certification (CMMC) phase two requirements, originally scheduled for November, pending a 60-day review. This decision aims to simplify processes for contractors while maintaining cybersecurity standards, as phase one requirements remain in effect. A new task force will gather industry feedback to potentially recommend modifications to security measures to better support small and nontraditional businesses.

The CMMC framework is crucial for companies handling government contracts, verifying they meet essential cybersecurity standards. The phased rollout plans for the CMMC program include certifications at three levels, with ongoing concerns about the availability of approved assessors contributing to the delay.

View full article

Article by CyberSIXT