Official websites use .gov
Secure .gov websites use HTTPS
JULY 13, 2026: The Department of War today announces the immediate suspension of the Cybersecurity Maturity Model Certification (CMMC) Phase II requirements, which were originally scheduled to come into effect on November 10, 2026. All Phase I self-assessment requirements remain firmly in place. Additionally, the Department will begin a comprehensive review of CMMC aimed at aligning with Secretary of War Pete Hegseth's Acquisition Transformation System (ATS) directives prioritizing speed to capability, lowering barriers for small, medium, and non-traditional businesses, and replacing bureaucratic compliance with scalable, resilient cybersecurity measures.
"We have a strategic imperative to reduce bureaucracy as we build the world's strongest Arsenal of Freedom. The CIO's decision ensures we maintain a strict security baseline while removing paralyzing costs and keeping innovators and competition growing in the defense supply chain," said Hon. Michael Duffey, Under Secretary of War for Acquisition and Sustainment.
Read the News Release: https://www.war.gov/News/Releases/Release/Article/4542329/forging-the-arsenal-of-freedom-department-of-war-suspends-cmmc-phase-ii-require
DoW Chief Information Officer Page: https://dowcio.war.gov
More Information: https://dowcio.war.gov/brilliantbasics
The DoW Office of Industrial Base Growth has resources to help small and medium-sized businesses with cybersecurity training, tools, and expert support. We initiated Project Spectrum, a comprehensive platform to provide the tools and training needed to increase cybersecurity awareness and maintain compliance with DoW contracting requirements.
How to get started: