Wire · founder news, decoded · regulatory
Another Overhaul Planned for DoD's Effort to Manage Contractors' Cybersecurity
The US Department of Defense has suspended Phase 2 of its Cybersecurity Maturity Model Certification (CMMC) program, scheduled for November implementation, citing compliance burden concerns on small contractors. Phase 1 self-attestation requirements remain in place following November 2025 enforcement start.
This Wire brief sits within Fusion42's coverage of Cybersecurity. Wire is Fusion42's founder-focused intelligence feed: each story is connected to the funds and startups it names — every one with a live profile on Raise or Scout — so founders can follow the capital and the momentum behind the headline rather than just the headline itself. Wire analysis is one of the live surfaces Arthur, Fusion42's AI co-founder, reasons over.
The Wire takeaway
If you sell to the US military, the certification wall you've been preparing for just got postponed—but Phase 1 stays in force. Use the reprieve to build the compliance capability defensively; the more elaborate second phase is coming back, and buyers are still demanding it as a contract condition.
Read the full story at vitallaw.com →
Topics: Cybersecurity · cmmc-suspension · dod-compliance · small-business-burden · cybersecurity-requirements · defense-contractor