Wireby Fusion42
Read this story on the live Wire →

Wire · founder news, decoded · regulatory

Another Overhaul Planned for DoD's Effort to Manage Contractors' Cybersecurity

The US Department of Defense has suspended Phase 2 of its Cybersecurity Maturity Model Certification (CMMC) program, scheduled for November implementation, citing compliance burden concerns on small contractors. Phase 1 self-attestation requirements remain in place following November 2025 enforcement start.

This Wire brief sits within Fusion42's coverage of Cybersecurity. Wire is Fusion42's founder-focused intelligence feed: each story is connected to the funds and startups it names — every one with a live profile on Raise or Scout — so founders can follow the capital and the momentum behind the headline rather than just the headline itself. Wire analysis is one of the live surfaces Arthur, Fusion42's AI co-founder, reasons over.

The Wire takeaway

If you sell to the US military, the certification wall you've been preparing for just got postponed—but Phase 1 stays in force. Use the reprieve to build the compliance capability defensively; the more elaborate second phase is coming back, and buyers are still demanding it as a contract condition.

Read the full story at vitallaw.com

Topics: Cybersecurity · cmmc-suspension · dod-compliance · small-business-burden · cybersecurity-requirements · defense-contractor

Related on Wire

Verified 15 July 2026 · Sources: Fusion42 review