DOD halts cybersecurity requirements for CMMC Phase 2: ‘The math just simply doesn't math’ - DefenseScoop
DOD halts CMMC Phase 2 cybersecurity requirements, pausing new mandates for defense contractors.
Aforeworn detected this change in the Government Contracting (SAM/FAR) space on July 13, 2026 and published this briefing so affected operators are forewarned rather than caught off guard. It is rated High urgency. Defense contractors, small businesses with set-asides, GSA schedule holders, federal grant recipients should confirm how it applies to their specific situation before acting. There is a time constraint attached: No new deadline; pause is indefinite until DOD revises the rule.. Acting after that point can mean penalties, a lapsed licence, or lost eligibility — exactly the kind of surprise Aforeworn exists to prevent. Aforeworn monitors Government Contracting (SAM/FAR) continuously and turns every detected change into a plain-English briefing like this one, so you always know first. Forewarned is forearmed.
What changed
DOD has paused the implementation of CMMC Phase 2 cybersecurity requirements, meaning contractors are not required to achieve CMMC certification for new contracts until further notice.
Who it affects
Defense contractors, small businesses with set-asides, GSA schedule holders, federal grant recipients
What you must do
No immediate action required, but contractors should continue preparing for eventual CMMC compliance and monitor for updates.
Deadline
No new deadline; pause is indefinite until DOD revises the rule.
Never miss a change like this again
Aforeworn watches Government Contracting (SAM/FAR) around the clock and alerts you the moment a rule moves — with a plain-English brief on what to do.
Start your free trialRelated changes in Government Contracting (SAM/FAR)
- Pentagon pauses cyber audit rule blamed for supplier exits - The Mighty 790 KFGO
- Pentagon announces ‘immediate suspension’ of some CMMC mandates - Breaking Defense
- Forging the Arsenal of Freedom: Department of War Suspends CMMC Phase II Requirements - U.S. Department of War (.gov)
- CAS Board Publishes Final Rule Rescinding CAS 404, 408, 409, and 4117 - Government Contracts Legal Forum
- Proposed FAR Part 40 Rule: Consolidation of Supply Chain Security and Information Security Requirements and New Changes to the Rules - Inside Government Contracts