On July 13, 2026, the Department of War (DOW) announced the immediate suspension of Cybersecurity Maturity Model Certification (CMMC) Phase II implementation while it conducts a 60-day review of the program. Contractors that anticipated imminent third-party assessment requirements will understandably view the announcement as welcome relief.
However, the significance of the decision extends beyond delaying certification deadlines. It signals a broader reassessment of how DOW intends to balance cybersecurity assurance, acquisition efficiency, and industrial base participation. While the immediate compliance burden has eased for many contractors, the underlying cybersecurity obligation, and the legal risks associated with contractor self-representations, remain.
Read the full article at Dentons.com