The Department of War has suspended the next phase of its Cybersecurity Maturity Model Certification (CMMC) program, a move expected to have significant implications for North Alabama’s defense industry while prompting a broad review of the government’s cybersecurity requirements.
CMMC is a mandatory Department of Defense framework requiring all defense contractors to implement strict cybersecurity standards to safeguard sensitive government data, a compliance process that often involves significant costs and lengthy timelines.
The department announced Monday that CMMC Phase II requirements, originally scheduled to take effect Nov. 10, have been suspended immediately. Officials said they will spend the next 60 days reviewing the program as part of Secretary of War Pete Hegseth’s broader Acquisition Transformation System initiative, which seeks to reduce regulatory burdens and speed the delivery of defense capabilities…