
Pentagon halts phase-two CMMC and launches 60-day reform to ease contractor compliance
The Pentagon is suspending phase two of the Cybersecurity Maturity Model Certification (CMMC) plan and maintaining phase one self-assessments as it launches a 60-day reform review to rebalance the program toward faster capability delivery and lower barriers for small and non-traditional contractors; milestones are paused, with an emphasis on tangible cyber hygiene over costly third-party certifications, a shift supported by the SBA and potentially affecting up to 80,000 defense contractors.











