DoW Suspends CMMC Phase II — NIST SP 800-171 Self-Assessment Becomes the Interim Standard, With Rising False Claims Act Exposure - Hunton Andrews Kurth LLP
The Department of Defense (DoD) has suspended CMMC Phase II, making NIST SP 800-171 self-assessment the interim standard. This increases False Claims Act exposure for contractors who self-certify compliance.
Aforeworn detected this change in the Government Contracting (SAM/FAR) space on July 14, 2026 and published this briefing so affected operators are forewarned rather than caught off guard. It is rated High urgency. Defense contractors, small business set-asides, GSA schedule holders, federal grant recipients should confirm how it applies to their specific situation before acting. There is a time constraint attached: Immediately; ongoing compliance required for contract eligibility.. Acting after that point can mean penalties, a lapsed licence, or lost eligibility — exactly the kind of surprise Aforeworn exists to prevent. Aforeworn monitors Government Contracting (SAM/FAR) continuously and turns every detected change into a plain-English briefing like this one, so you always know first. Forewarned is forearmed.
What changed
CMMC Phase II is suspended; NIST SP 800-171 self-assessment becomes the interim standard, with heightened False Claims Act liability for inaccurate self-certifications.
Who it affects
Defense contractors, small business set-asides, GSA schedule holders, federal grant recipients
What you must do
Review and update NIST SP 800-171 self-assessment to ensure accuracy, and prepare for potential audits or investigations.
Deadline
Immediately; ongoing compliance required for contract eligibility.
Never miss a change like this again
Aforeworn watches Government Contracting (SAM/FAR) around the clock and alerts you the moment a rule moves — with a plain-English brief on what to do.
Start your free trialRelated changes in Government Contracting (SAM/FAR)
- Revolutionary FAR Overhaul: FAR Council Proposes to Make Agency-Level Bid Protests a More Attractive Forum - The National Law Review
- Pentagon suspends CMMC Phase II requirements. - N2K CyberWire
- US-CONGRESS HR872: Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025
- Department of War suspends CMMC Phase II, launches 60-day review to reduce compliance burden on defense contractors - Industrial Cyber
- Proposed Rule to Centralize the Federal Grant Process and Give Political Appointees More Power Over Awards - The National Law Review