
WASHINGTON (13 July 2026) — The Department of War (DoW) announced the suspension of the Cybersecurity Maturity Model Certification (CMMC) Phase Two requirements. These requirements were to initially be implemented on 10 November 2026.
Companies interested in doing business with the department, Davies said, will still need to comply with cybersecurity requirements and safeguard government information according to regulations. Companies will also need to continue to meet requirements under CMMC phase one.
SOSSEC will continue to monitor the situation and keep its members up to date with any new developments.
For more information on the suspension of the CMMC Phase Two requirements, you can read the DoW’s press release here.
