Pentagon pauses cyber audit rule blamed for supplier exits - The Mighty 790 KFGO
The Pentagon has paused enforcement of a cyber audit rule (likely DFARS 252.204-7012 or CMMC-related) that was causing small suppliers to exit the defense market. This pause provides temporary relief for contractors who were struggling to meet NIST SP 800-171 compliance requirements.
Aforeworn detected this change in the Government Contracting (SAM/FAR) space on July 13, 2026 and published this briefing so affected operators are forewarned rather than caught off guard. It is rated High urgency. Small business defense contractors, GSA schedule holders, and federal grant recipients subject to DFARS cybersecurity clauses. should confirm how it applies to their specific situation before acting. There is a time constraint attached: No specific deadline announced; monitor official updates from DoD for resumption of enforcement.. Acting after that point can mean penalties, a lapsed licence, or lost eligibility — exactly the kind of surprise Aforeworn exists to prevent. Aforeworn monitors Government Contracting (SAM/FAR) continuously and turns every detected change into a plain-English briefing like this one, so you always know first. Forewarned is forearmed.
What changed
The Pentagon has halted enforcement of the cyber audit rule that required contractors to demonstrate compliance with NIST SP 800-171. This pause may delay mandatory assessments or certifications (e.g., CMMC) but does not eliminate the underlying compliance obligations.
Who it affects
Small business defense contractors, GSA schedule holders, and federal grant recipients subject to DFARS cybersecurity clauses.
What you must do
Review your current cybersecurity posture against NIST SP 800-171 and continue remediation efforts. Do not halt compliance activities, as the pause is temporary and may be lifted with short notice.
Deadline
No specific deadline announced; monitor official updates from DoD for resumption of enforcement.
Never miss a change like this again
Aforeworn watches Government Contracting (SAM/FAR) around the clock and alerts you the moment a rule moves — with a plain-English brief on what to do.
Start your free trialRelated changes in Government Contracting (SAM/FAR)
- DOD halts cybersecurity requirements for CMMC Phase 2: ‘The math just simply doesn't math’ - DefenseScoop
- Pentagon announces ‘immediate suspension’ of some CMMC mandates - Breaking Defense
- Forging the Arsenal of Freedom: Department of War Suspends CMMC Phase II Requirements - U.S. Department of War (.gov)
- CAS Board Publishes Final Rule Rescinding CAS 404, 408, 409, and 4117 - Government Contracts Legal Forum
- Proposed FAR Part 40 Rule: Consolidation of Supply Chain Security and Information Security Requirements and New Changes to the Rules - Inside Government Contracts