DoW CMMC Homepage

Kirsten Davies, War Department chief information officer, right, signs a memorandum changing requirements of the Cybersecurity Maturity Model Certification program during a media roundtable at the Pentagon, July 13, 2026. Davies conducted the event alongside Michael Duffey, undersecretary of war for acquisition and sustainment.
Photo Credit: Navy Petty Officer 2nd Class Carson Croom

WASHINGTON (13 July 2026) — The Department of War (DoW) announced the suspension of the Cybersecurity Maturity Model Certification (CMMC) Phase Two requirements. These requirements were to initially be implemented on 10 November 2026.

Companies interested in doing business with the department, Davies said, will still need to comply with cybersecurity requirements and safeguard government information according to regulations. Companies will also need to continue to meet requirements under CMMC phase one.

SOSSEC will continue to monitor the situation and keep its members up to date with any new developments.

For more information on the suspension of the CMMC Phase Two requirements, you can read the DoW’s press release here.