Defense Department pauses next phase of CMMC 2.0 cybersecurity rollout
Defense Department pauses next phase of CMMC 2.0 cybersecurity rollout
Publish Date: 2026-07-15 16:30:00
Source Domain: tribalbusinessnews.com
Using an unordered list, summarize the following article with between 4 and 8 key points. The U.S. Department of Defense has suspended implementation of Phase II of its Cybersecurity Maturity Model Certification (CMMC) 2.0 program, delaying new cybersecurity certification requirements that were scheduled to take effect Nov. 10 while officials conduct a 60-day review of the program.
The move could affect tribally owned federal contractors and Native-owned businesses that compete for DoD work by delaying the next phase of cybersecurity certification requirements.
The pause comes less than a year after Cayuse Government Operations, an enterprise of the Confederated Tribes of the Umatilla Indian Reservation, and Akiak Technology, owned by the Akiak Native Community, became among the first tribally owned contractors to achieve CMMC Level 2 certification, positioning themselves for Defense Department contracts requiring heightened cybersecurity standards.
The decision delays new certification requirements but leaves existing cybersecurity obligations unchanged while the department reviews the program.
The review is intended to align CMMC with DoD Secretary Pete Hegseth’s Acquisition Transformation System, an initiative the department said is designed to reduce barriers for small, medium-sized and nontraditional defense suppliers while maintaining cybersecurity standards.
The U.S. Small Business Administration welcomed the decision, saying it had heard from small defense contractors that CMMC compliance costs were discouraging participation in the Defense Industrial Base.
The agency estimated third-party certification could cost some small businesses nearly $594,000, while compliance through self-assessment could approach $389,000. SBA also said more than 120,000 small defense contractors would have been affected by Phase II requirements if they had taken effect as scheduled.
During the review, a newly created CMMC Reform Task Force will gather industry feedback and recommend changes to the certification framework. The department also suspended pending and future CMMC implementation milestones in defense solicitations and contracts while the review is underway. Officials expect the task force to deliver its recommendations within 60 days.About The AuthorBrian Edwards is associate publisher and associate editor of Tribal Business News and Native News Online. He is a longtime publisher, editor, business reporter and serial entrepreneur.
Other Articles by this author