Pentagon halts Phase II CMMC audits to cut red tape for defense firms

TL;DR Summary
The DoD is pausing Phase II CMMC requirements, including third-party assessments, to reduce burdens on small and nontraditional defense firms while preserving baseline cybersecurity under NIST SP 800-171 Rev 2 via self-assessments. A 60-day task force will review CMMC and propose practical reforms to speed capability delivery and lower entry barriers; contractors must still protect federal data and current solicitations will be amended accordingly.
- Pentagon announces ‘immediate suspension’ of CMMC Phase II mandates Breaking Defense
- Forging the Arsenal of Freedom: Department of War Suspends CMMC Phase II Requirements U.S. Department of War (.gov)
- Pentagon Pauses Cybersecurity Certification Program for Defense Contractors Devdiscourse
- Readiness Pivotal as CMMC Assessor Capacity Squeezed National Defense Magazine
- SBA Commends U.S. Department of War’s Suspension of CMMC Phase II for Small Defense Contractors Yahoo Finance
Reading Insights
Total Reads
0
Unique Readers
2
Time Saved
4 min
vs 5 min read
Condensed
93%
924 → 64 words
Want the full story? Read the original article
Read on Breaking Defense