On July 13, 2026, the Department of War announced it was immediately suspending Phase II of the Cybersecurity Maturity Model Certification (CMMC) program, the mandatory third-party audit requirement set to take effect November 10, 2026. For the thousands of small and mid-sized companies in the Defense Industrial Base bracing for those audits, this is a significant, if temporary, shift.
At ComTec Solutions, we've helped clients prepare for CMMC compliance since the program began, so here's what changed, what hasn't, and what to do next.
Pentagon leadership announced the suspension as part of a broader effort to reduce compliance burdens on smaller defense suppliers, and directed contracting officers to remove the suspended requirements from active and upcoming solicitations immediately.
In its place, the Pentagon is standing up a task force with 60 days to recommend ways to speed up compliance timelines and lower the barrier to entry for smaller contractors.
Several things remain fully in force:
- CMMC Phase I self-assessments, still required on applicable contracts
- NIST SP 800-171 Rev. 2, the 110 security controls contractors must still meet
- DFARS 252.204-7012, untouched by this announcement
- Existing C3PAO certifications, still valid as evidence of compliance
In short: the audit mechanism got paused. The legal obligation to protect federal contract information did not.
What This Means for Your Organization
If you've already invested in NIST 800-171 controls, that work isn't wasted. This isn't a green light to deprioritize cybersecurity.
If you've been waiting to see how CMMC would shake out, use this pause to get ahead of whatever the task force recommends. Streamlined programs tend to move fast once finalized, and companies that stay current on 800-171 will be best positioned when Phase II resumes. We're tracking the task force's review and can help you assess your current 800-171 posture, keep documentation audit-ready, and interpret how any new recommendations apply to your contracts.
Have questions about how the CMMC suspension affects your contracts? Contact ComTec Solutions to talk through your compliance strategy.