The Department of Defense has paused its Cybersecurity Maturity Model Certification (CMMC) Phase II implementation, establishing a 60-day task force to redesign the framework. This decision aims to reduce costs and improve scalability, as the current model faces challenges in meeting the needs of over 100,000 contractors. Despite the pause, existing cybersecurity requirements, including compliance with NIST Special Publication 800-171 Revision 2 and DFARS clauses, remain in effect. The move is expected to cause near-term disruption for cybersecurity service providers and defense contractors, potentially slowing purchasing decisions and investment strategies. AI
IMPACT This pause in CMMC implementation could slow the adoption of cybersecurity measures for defense contractors, potentially impacting the security of sensitive data and systems.
RANK_REASON Regulatory action by a major government department impacting a significant industry sector. [lever_c_demoted from significant: ic=1 ai=0.4]
- CMMC Reform Task Force
- CMMC Third-Party Assessment Organizations
- Controlled Unclassified Information
- Cybersecurity Maturity Model Certification
- Defense Federal Acquisition Regulation Supplement
- Department of War
- Kristen Davies
- Michael P. Duffey
- National Institute of Standards and Technology
- Pete Hegseth
- Special Publication 800-171 Revision 2
AI-generated summary · Google Gemini · from 1 sources. How we write summaries →