Pentagon suspends CMMC Phase II requirements. - N2K CyberWire
Pentagon suspends CMMC Phase II requirements, delaying mandatory cybersecurity certification for defense contractors.
Aforeworn detected this change in the Government Contracting (SAM/FAR) space on July 14, 2026 and published this briefing so affected operators are forewarned rather than caught off guard. It is rated Medium urgency. Defense contractors, small businesses with set-asides, GSA schedule holders, federal grant recipients should confirm how it applies to their specific situation before acting. There is a time constraint attached: No new deadline; monitor for future updates on CMMC implementation.. Acting after that point can mean penalties, a lapsed licence, or lost eligibility — exactly the kind of surprise Aforeworn exists to prevent. Aforeworn monitors Government Contracting (SAM/FAR) continuously and turns every detected change into a plain-English briefing like this one, so you always know first. Forewarned is forearmed.
What changed
CMMC Phase II requirements are suspended, meaning contractors are not required to achieve CMMC Level 2 certification at this time.
Who it affects
Defense contractors, small businesses with set-asides, GSA schedule holders, federal grant recipients
What you must do
Continue maintaining NIST SP 800-171 compliance as required by DFARS clause 252.204-7012; no immediate action needed for CMMC certification.
Deadline
No new deadline; monitor for future updates on CMMC implementation.
Never miss a change like this again
Aforeworn watches Government Contracting (SAM/FAR) around the clock and alerts you the moment a rule moves — with a plain-English brief on what to do.
Start your free trialRelated changes in Government Contracting (SAM/FAR)
- Revolutionary FAR Overhaul: FAR Council Proposes to Make Agency-Level Bid Protests a More Attractive Forum - The National Law Review
- DoW Suspends CMMC Phase II — NIST SP 800-171 Self-Assessment Becomes the Interim Standard, With Rising False Claims Act Exposure - Hunton Andrews Kurth LLP
- US-CONGRESS HR872: Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025
- Department of War suspends CMMC Phase II, launches 60-day review to reduce compliance burden on defense contractors - Industrial Cyber
- Proposed Rule to Centralize the Federal Grant Process and Give Political Appointees More Power Over Awards - The National Law Review