The Department of Defense Abruptly Suspends Implementation of CMMC Phase II
The Department of Defense Abruptly Suspends Implementation of CMMC Phase II
On July 13, 2026, the Department of Defense (DoD) announced that it was immediately suspending the roll out of Phase II of the Cybersecurity Maturity Model Certification (CMMC) program, set to go into effect on November 10, 2026. As we have previously reported here and here, Phase II of CMMC would have involved the roll-out of CMMC Level 2 Assessments conducted by Certified Third-Party Assessment Organizations (C3PAOs). Although DoD has suspended these third-party certification requirements, it... By: Pillsbury Winthrop Shaw Pittman LLP