Pentagon suspends CMMC phase two requirements, launches review of program
The Pentagon is suspending the ramp up of new Cybersecurity Maturity Model Certification third-party assessment requirements, while also launching a sweeping review of the CMMC program that once again calls into question the future of the contractor cyber compliance regime.
In a July 13 announcement, the Defense Department said it is suspending plans to introduce phase two of the CMMC requirements. That would have involved DoD requiring third-party cybersecurity assessments across all contracts involving sensitive but unclassified information starting Nov. 10, 2026.
DoD says the phase one requirements for applicable contracts to require a CMMC self-assessment, which went into effect last November, remain in force.
Read more at Federal News Network