• All News
  • |
  • World Travel
    • Africa
    • Asia
    • Europe
    • North America
  • |
  • Educational Articles
    • Art & Culture
    • Books & Literature
    • History & Politics
    • Lifestyle & Relationships
    • Professional Development
    • Science & Nature
  • |
  • About
    • About Us
    • Our Mission
    • Editorial Standards
    • Corrections Policy
    • Licensing & Redistribution
    • Image Use Policy
  • Help
  • Contact
Monday, July 13, 2026
Login
THX News | Global News, Travel & Education.
  • USA
    • Business and Commerce
    • Immigration & Border Security
    • International
      • Africa
      • Asia
      • Europe
      • Middle East
    • Law & Order
    • Local Government
      • Arizona
        • Phoenix
        • Tucson
      • California
        • San José
      • Oregon
        • Happy Valley
        • Hillsboro
        • Josephine County
        • Portland
        • Salem
        • Washington County
      • Virginia
        • Loudoun
    • Medicine & Health
    • Military
    • Space & Exploration
    • Technology
  • Canada
    • Community
    • Culture
    • Healthcare
    • Housing & Home Building
    • International
    • Military
    • Obituaries
    • Politics
    • Technology & Innovation
  • United Kingdom
    • Economy and Economics
      • Business
      • Jobs & Employment
      • Money and Taxes
    • Energy
    • Environment
    • Medical
    • International
    • Law and Order
      • Immigration
    • Military
    • Science & Technology
      • Space and Exploration
      • Technology
      • Transport
    • Society & Culture
      • Culture
      • Education
      • Housing & Land
  • European Union
  • Africa
    • Angola
    • Democratic Republic of the Congo
    • Egypt
    • Guinea
    • Kenya
    • Nigeria
    • Somalia
    • South Africa
  • Middle East
No Result
View All Result
THX News | Global News, Travel & Education.
  • USA
    • Business and Commerce
    • Immigration & Border Security
    • International
      • Africa
      • Asia
      • Europe
      • Middle East
    • Law & Order
    • Local Government
      • Arizona
        • Phoenix
        • Tucson
      • California
        • San José
      • Oregon
        • Happy Valley
        • Hillsboro
        • Josephine County
        • Portland
        • Salem
        • Washington County
      • Virginia
        • Loudoun
    • Medicine & Health
    • Military
    • Space & Exploration
    • Technology
  • Canada
    • Community
    • Culture
    • Healthcare
    • Housing & Home Building
    • International
    • Military
    • Obituaries
    • Politics
    • Technology & Innovation
  • United Kingdom
    • Economy and Economics
      • Business
      • Jobs & Employment
      • Money and Taxes
    • Energy
    • Environment
    • Medical
    • International
    • Law and Order
      • Immigration
    • Military
    • Science & Technology
      • Space and Exploration
      • Technology
      • Transport
    • Society & Culture
      • Culture
      • Education
      • Housing & Land
  • European Union
  • Africa
    • Angola
    • Democratic Republic of the Congo
    • Egypt
    • Guinea
    • Kenya
    • Nigeria
    • Somalia
    • South Africa
  • Middle East
THX News | Global News, Travel & Education.
No Result
View All Result
Home News North America United States of America Military AI & Cyber Intelligence

War Department Suspends CMMC Phase Two Requirements

Defense officials pause planned November requirements and launch a 60-day review after compliance costs raised concerns for small businesses.

THX News by THX News
1 hour ago
in AI & Cyber Intelligence
Reading Time: 6 mins read
A A
War Department cyber changes. NPO Photo by Carson Croom.

War Department cyber changes. NPO Photo by Carson Croom.

Table of Contents

Toggle
  • War Department Suspends CMMC Phase Two Requirements
    • Phase One Cybersecurity Requirements Remain
  • Compliance Costs Raise Small Business Concerns
    • Defense Industrial Base Barriers
  • 60-Day CMMC Review Task Force Launched
    • CMMC Review and Reform Process
  • Department Links CMMC Reform to Defense Production
    • Certification Assessor Capacity Adds Pressure
  • CMMC Program Faces Wider Cybersecurity Review
    • Stakeholder Comments

The War Department suspended phase two requirements of the Cybersecurity Maturity Model Certification program on July 13, 2026, before their planned November implementation. The department also launched a 60-day review of CMMC requirements affecting cybersecurity, contractor participation and the defense industrial base.

Companies seeking War Department contracts must continue protecting federal information and meeting applicable phase one requirements. Department leaders said the pause is intended to address certification costs, administrative burdens and limited assessor capacity without reducing the cybersecurity obligations applying to contractors.

 

War Department Suspends CMMC Phase Two Requirements

The War Department said CMMC phase two requirements will not take effect as planned in November 2026. The suspension affects the next stage of a phased program created to verify that defense contractors can protect sensitive government information.

The department described the decision as a pause rather than an end to contractor cybersecurity requirements. Companies must continue complying with existing regulations governing federal contract information and controlled unclassified information.

 

Indicator Recent Movement Context
CMMC phase two Implementation suspended The War Department paused requirements that had been scheduled to begin in November 2026.
Program review 60-day task force launched The War Department created a review and reform task force to examine the complete CMMC program.
Phase one Requirements continue The War Department said contractors must continue meeting applicable phase one cybersecurity obligations.
Certification capacity Assessor shortage identified Chief Information Officer Kirsten Davies said the available assessor workforce could not complete all expected evaluations before November.

 

Phase One Cybersecurity Requirements Remain

Companies doing business with the department must continue safeguarding government information according to federal regulations. Additionally, contractors must meet applicable CMMC phase one requirements, which focus primarily on self-assessments and existing cybersecurity controls.

The War Department said cybersecurity across the defense industrial base remains a nonnegotiable priority. The practical effect is that the phase two pause removes an approaching certification stage while leaving current information-protection responsibilities in place.

 

Compliance Costs Raise Small Business Concerns

Kirsten Davies, the department’s chief information officer, said available data showed that current and planned CMMC requirements were creating prohibitive compliance costs and administrative burdens. She said those pressures were particularly significant for small businesses.

The U.S. Small Business Administration Office of Advocacy previously said the department had underestimated CMMC compliance costs. The War Department linked those costs to reduced contractor agility and the risk that smaller companies could leave or avoid the defense market.

 

Defense Industrial Base Barriers

The department said complex certification requirements can reduce the number and range of companies able to compete for defense work. Smaller firms may have fewer personnel and financial resources available for external assessments, documentation and recurring compliance activity.

  • Small business costs: The War Department cited compliance expenses as a barrier for smaller defense contractors and potential suppliers.
  • Market participation: Department leaders said administrative requirements could discourage startups, small manufacturers and nontraditional companies from pursuing contracts.
  • Production capacity: The War Department linked broader contractor participation to its ability to expand production when military demand increases.
  • Existing safeguards: Contractors remain responsible for meeting federal cybersecurity and information-protection requirements during the review.

 

60-Day CMMC Review Task Force Launched

The War Department created a CMMC review and reform task force with 60 days to conduct what it described as a top-to-bottom examination of the program. The review will consider certification requirements, compliance costs, contractor participation and the department’s need for visibility into industrial cybersecurity.

The task force will serve as the central point for reviewing industry responses to a public request for information. Its recommendations are expected to focus on security measures that can be applied across companies of different sizes and levels of technical capacity.

 

CMMC Review and Reform Process

The department said the review will use feedback from defense companies and other interested parties to identify realistic and scalable cybersecurity measures. Additionally, the task force will consider how future requirements can preserve operational resilience while reducing unnecessary barriers.

The review does not establish the final structure of a revised CMMC program. Its immediate result is a formal process through which the department can reassess requirements before proceeding with later implementation stages.

 

Department Links CMMC Reform to Defense Production

Michael Duffey, undersecretary of war for acquisition and sustainment, said reforming CMMC is part of placing the acquisition system on what he described as a wartime footing. He linked reduced administrative delay to the department’s need for faster industrial production.

The War Department said a broader supplier base could improve access to innovation, manufacturing capacity and specialized technology. However, the department also maintained that companies handling government information must continue meeting cybersecurity obligations.

 

Certification Assessor Capacity Adds Pressure

Davies said the number of department-approved assessors was not sufficient to complete all required evaluations before the planned November phase two deadline. The shortage created a practical implementation constraint in addition to concerns about cost.

The CMMC program relies on approved private-sector assessors for some certification levels. Consequently, insufficient assessor capacity could delay contractor approvals, affect eligibility for contracts and create uneven access to the defense market.

 

CMMC Program Faces Wider Cybersecurity Review

The CMMC program was first announced in 2020 to improve assurance that contractors and subcontractors protect sensitive government information. It combines cybersecurity requirements with assessments intended to verify that companies have implemented the controls required for the information they handle.

Phase one implementation began in November 2025 and focuses primarily on CMMC Level 1 and Level 2 self-assessments. The current pause prevents the planned expansion into phase two while the department evaluates whether the program can provide cybersecurity assurance without imposing disproportionate costs or delays.

 

Stakeholder Comments

Kirsten Davies, War Department Chief Information Officer said;

“I want to be clear, across the Department of War and our defense industrial base, investing in and dynamically maintaining robust cybersecurity remains a critical, nonnegotiable priority.”

“The current CMMC requirements, including the future planned requirements, are creating prohibitive compliance costs and unacceptable bureaucratic burdens, especially to small businesses.”

 

Michael Duffey, Undersecretary of War for Acquisition and Sustainment said;

“We cannot expect our industries to build at the speed of relevance if they are drowning in peacetime paperwork and administrative bureaucracy.”

“By pausing phase two implementation, we are keeping more companies in the DIB who would otherwise be forced out of the market at a time when we need them most.”

 

The suspension delays CMMC phase two while leaving existing contractor cybersecurity responsibilities and phase one requirements in place. The War Department’s 60-day task force will now assess compliance costs, assessor capacity, industry participation and possible reforms to the certification program.

Future CMMC requirements will depend on the review’s recommendations and the department’s response to industry feedback. The central question is how the program can verify cybersecurity across the defense industrial base without creating barriers that reduce contractor participation or production capacity.

 

Sources: War Department, War Department Chief Information Officer, U.S. Small Business Administration Office of Advocacy.

 

Prepared by Ivan Alexander Golden, Founder of THX News, an independent news organization delivering timely insights from global official sources.
Research combines AI-assisted analysis with human-edited accuracy and context.

 

Tags: CMMCCybersecurityDefense ContractorsSmall businesses
THX News

THX News

THX News is a governance-first information system focused on deterministic, source-verified reporting.

The platform operates under a fail-closed architecture, where publication occurs only when verification and attribution requirements are met. Content is produced from primary materials including government press releases and official documents, with all reporting traceable to source.

The system prioritises consistency, transparency, and reproducibility over output volume, forming part of a long-horizon information infrastructure.

Related Posts

Concept illustration of an AI-enabled military command centre. Image generated using ChatGPT Image. The image is illustrative only and has no direct connection to any real-world military operation or facility.
AI & Cyber Intelligence

Department of War Launches AI Battle Management Network

June 26, 2026
War Department Chief Information Officer Kirsten Davies hosts the annual CIO awards ceremony at the Pentagon, Feb. 23, 2026. Photo by NPO 1st Class Kubitza.
AI & Cyber Intelligence

Pentagon cyber strategy outlines warfighting tech shift

March 27, 2026
Army Maj. Matthew Martinez, reviews a historical vignette delivered via a CADD custom tool in Army Vantage at Fort Leavenworth, Kan., Feb. 17, 2026. Photo by Randi Stenson.
AI & Cyber Intelligence

Army AI Doctrine Effort Speeds Guidance Development

February 19, 2026
Defense Department Cyber Service Academy stickers at the DOD CSA cyber boot camp held at George Washington University's Science and Engineering Hall, July 21-22, 2025. Photo by DOD Corbin Stewart.
AI & Cyber Intelligence

DoD Cyber Service Academy Boot Camp: Top Cyber Scholars Converge

June 15, 2026
Undersecretary of Defense, Emil Michael delivers remarks to attendees at the Department of Defense Manufacturing Technology Program Exhibition at the Pentagon. Photo by Kubitza.
AI & Cyber Intelligence

DoD ManTech Program: Advancing National Security

July 2, 2026
An Air Force MQ-9 Reaper remotely piloted aircraft, assigned to the 432nd Wing, taxis toward the runway at Creech Air Force Base, Nev., April 15, 2025. Photo by the US Dept. of Defense.
AI & Cyber Intelligence

DARPA’s Resilient Software Systems: Enhancing U.S. Military Cybersecurity

July 2, 2026

Explore & Discover More

Recent Posts

  • War Department Suspends CMMC Phase Two Requirements
  • Ten Nations Launch European Missile Defence Coalition
  • Child Trafficking Guardians Expand Nationwide
  • England Sets Out 30by30 Nature Recovery Plan
  • DHS Sets New Election Security Grants Requirements

THX News

Reporting on the Official Record.

THX News delivers clarity through source-led reporting from primary documents, government releases, public data, and institutional records. Our commitment is to foster an informed global community through fact-driven reporting you can trust.

About THX News

  • Our Mission
  • About Us
  • System Proof
  • System Repository

Help

  • Contact Us
  • Licensing & Redistribution
  • RSS

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • November 2020

© 2020–2026 THX News LLC. All Rights Reserved.

No Result
View All Result
  • News
  • Canada
    • Community
    • Healthcare
    • Housing & Home Building
    • International
    • Military
    • Obituaries
    • Politics
    • Technology & Innovation
  • UK
    • Education
    • Environment
    • Healthcare
    • Housing & Land
    • Jobs & Employment
    • Law & Order
    • Money and Taxes
    • Technology
  • European Union
  • USA
    • Economics & Money
    • Immigration & Border Security
    • International
    • Law & Order
    • Local Government
      • Arizona
      • California
      • Oregon
      • Virginia
    • Medicine & Health
    • Military
    • Space & Exploration
    • Technology
  • Africa
    • Angola
    • Democratic Republic of the Congo
    • Egypt
    • Guinea
    • Kenya
    • Nigeria
    • Somalia
    • South Africa
  • Middle East
  • —
  • Travel
    • Africa
    • Asia
    • Europe
    • USA
  • Education
    • Art & Culture
    • Books & Authors
    • Fashion
    • History & Politics
    • Lifestyle & Relationships
    • Music
  • —
  • About Us
  • Help & FAQ
  • Contact Us
  • Login

© 2020–2026 THX News LLC. All Rights Reserved.

THX News™ uses cookies. By using this website you are giving consent to the use of cookies. Visit our Privacy and Cookie Policy.