CMMC Phase II Requirements Paused: What Manufacturers Need to Know

Amanda Beaulieu • July 14, 2026

DoD launches 60-day review to reduce CMMC compliance barriers

On Monday, the Department of Defense announced the immediate suspension of Cybersecurity Maturity Model Certification (CMMC) Phase II requirements while it conducts a full-scale review of the program. Originally scheduled to go into effect on November 10, 2026, third-party Level 2 certification requirements are paused along with pending and future CMMC implementation milestones.


While Phase II certification requirements are on hold, existing cybersecurity obligations remain unchanged. CMMC Phase I self-assessment requirements remain in effect, and the Department will continue using self-assessments and select government-led assessments to evaluate compliance with the NIST SP 800-171 Rev. 2 cybersecurity requirements. Defense contractors and subcontractors must also continue protecting covered defense information as required under DFARS clause 252.204-7012.


The pause changes the timeline and process for third-party certification—it does not eliminate the responsibility to maintain cybersecurity protections and safeguard federal information.


The move is “In support of Secretary Pete Hegseth's directive to reduce compliance barriers for small and medium-sized businesses,” said DoD Chief Information Officer Kirsten A. Davies.


Figures from the Small Business Administration (SBA) show that had the Phase II November launch date held, 120,000 DIB small businesses would have been required to seek compliance through a system with about only 100 approved assessors. Initially developed to strengthen cybersecurity across the Defense Industrial Base (DIB), the DoD says the CMMC program has also introduced significant compliance costs and administrative complexity.


According to the Department, recent data, including findings from the SBA, suggests that these compliance challenges have forced some companies out of the DIB entirely, slowing the delivery of critical capabilities.


For many manufacturers, especially small and medium-sized companies, meeting the requirements has proven challenging and cost-prohibitive.


Total compliance costs can reach upwards of $593,800 per CMMC certification for small firms requiring third‑party assessment, and about $388,600 for firms eligible for self‑assessment according to SBA analysis.


Hon. Michael Duffey, Under Secretary of Defense for Acquisition and Sustainment, said the decision to suspend Phase II “ensures we maintain a strict security baseline while removing paralyzing costs and keeping innovators and competition growing in the defense supply chain."


The DoD’s newly formed CMMC Reform Task Force will immediately begin a comprehensive study of the CMMC certification program. According to the DoD, the goal is to make the program less burdensome for small, medium-sized, and non-traditional businesses while shifting the focus to practical, scalable cybersecurity that supports faster delivery of defense capabilities.


As part of the review, the task force will gather industry feedback through a public Request for Information (RFI) to better understand compliance challenges and use that input to develop recommendations. The final report is expected to be delivered to Davies within 60 days.


"Robust cybersecurity and operational resilience remain critical to protecting American innovation and supporting warfighter readiness,” said Davies. “We believe the DIB can achieve both, while we reduce unnecessary government red tape.”


Connecticut has a long history as a leader in aerospace, defense, and advanced manufacturing. The state’s defense industrial base includes roughly 1,000 contractors and suppliers that play a vital role in supporting national security while contributing to the strength of the local economy through innovation, investment, and skilled jobs".


“Small and mid-sized manufacturers are critical to Connecticut’s defense supply chain, and many are navigating increasingly complex cybersecurity requirements,” said Beatriz Gutierrez, CONNSTEP President & CEO. "Reducing compliance barriers like prohibitive costs can help ensure that our state's manufacturers remain part of the defense supply chain."

"The pause in CMMC Phase II gives companies additional time to prepare, strengthen their cybersecurity posture, and address gaps before future requirements take effect. CONNSTEP remains committed to helping manufacturers navigate these changes and build the capabilities needed to compete in the Defense Industrial Base.”

Beatriz Gutierrez, CONNSTEP President & CEO

Through cybersecurity readiness assessments, NIST SP 800-171 implementation support, and CMMC preparation assistance, CONNSTEP helps Connecticut manufacturers identify areas for improvement and develop practical strategies to strengthen their cybersecurity programs.


While the timeline has shifted, cybersecurity remains a critical requirement for manufacturers doing business in the defense sector. Organizations that continue improving their cybersecurity posture now will be better positioned regardless of how the revised CMMC program evolves.


More information can be found here: https://dowcio.war.gov/brilliantbasics

Recent Posts

April 29, 2026
Phoenix Manufacturing, Inc., founded in 1989, is a privately held family-operated small business in Enfield, Connecticut, specializing in precision machining for the aerospace industry. What began as a two-person operation in a 2,000-square-foot building has grown into a company with over 100 employees operating out of a 114,000-square-foot, state-of-the-art manufacturing facility. As a contract manufacturer, Phoenix specializes in complex, tight-tolerance components, supported by more than 40 CNC machines and a multi-axis mill/turn line. The company provides end-to-end manufacturing solutions—from engineering consultation through full-scale production—serving commercial aviation, spaceflight, and defense markets for both domestic and global customers, including leading aerospace and defense OEMs. A defining element of Phoenix’s growth has been its strategic investment in advanced manufacturing technology, particularly palletized machining centers. Since 2017, the company has added 11 machining centers integrated with palletized systems, enabling unattended, automated production and significantly expanding machining capacity. This automation journey has positioned Phoenix to better meet increasing customer demand while maximizing machine utilization. Phoenix’s commitment to quality is central to its operations and customer relationships. Managing more than 600 active part numbers, the company strives for 0 parts per million (PPM) defects and 99% on-time delivery (OTD) for major OEM customers. Its quality management system is certified to ISO 9001 and AS9100 Rev D standards, and Phoenix also holds NADCAP certifications in Nonconventional Machining and Nondestructive Testing, reflecting a rigorous, inspection-driven approach to delivering consistent, high-quality results.  Guided by a mission to deliver high-quality, cost-effective products through advanced technology and an uncompromising commitment to quality, Phoenix continues to invest in innovation, automation, and the next generation of manufacturing leadership.
April 28, 2026
Founded in 1959, Projects Inc. is a Glastonbury, Connecticut-based manufacturer specializing in precision-machined components for aerospace, industrial, and commercial applications. With 102 employees, the company operates out of 66,000 square feet of manufacturing and office space and supports customers across a range of industries, including aerospace and power generation. Projects Inc. has deep roots in the aerospace industry, where it has provided high-quality machining services for decades. Since 1996, the company has supplied FAA Parts Manufacturer Approval (PMA) components to the aviation sector. Projects Inc. received FAA Repair Station Certification in 1984. As a maintenance, repair, and overhaul (MRO) provider, Projects supports customers with repair solutions that help keep critical aerospace equipment operating safely and efficiently. Its customer base includes major aerospace companies such as Sikorsky, Pratt & Whitney, and GE Aerospace, along with airlines including United, Delta, American, and Lufthansa. Projects Inc. is Federal Aviation Administration (FAA), European Union Aviation Safety Agency (EASA), and UK Civil Aviation Authority (CAA) – approved. The company is also AS9100D and ISO 9001: 2015-certified, reflecting its commitment to quality, consistency, and industry standards. With capabilities that include prototyping, CNC machining, EDM, laser cutting, and grinding, Projects Inc. offers a broad range of precision manufacturing services supported by advanced in-house equipment and technical expertise. Today, Projects Inc. is recognized as an experienced supplier of high-quality components, with a long-standing focus on quality, reliability, and customer service.
Penn Globe logo over a room with people, possibly a conference.
February 11, 2026
Learn how Penn Globe partnered with CONNSTEP to invest in employee training, strengthen skills, and support business growth and competitiveness.
Logo of Specialty Cable Corporation (SCC) in a warehouse setting.
February 10, 2026
See how Specialty Cable Manufacturers partnered with CONNSTEP to strengthen quality systems and successfully achieve AS9100 recertification.
People in a factory setting, with the Forum Contract Manufacturing logo in the foreground.
February 9, 2026
Learn how Forum Plastics partnered with CONNSTEP to invest in supervisory training, strengthen leadership skills, and support long-term growth.
Logo of the letter
February 8, 2026
See how a Connecticut printing company partnered with CONNSTEP to improve efficiency, reduce waste, and advance environmental sustainability.
Beekley Medical logo with text
February 7, 2026
Learn how a medical products manufacturer partnered with CONNSTEP to strengthen quality systems and achieve successful recertification.
Pursuit Aerospace logo over a blurred medical equipment background. The logo is white text on a black rectangular box.
February 6, 2026
See how an aerospace manufacturer partnered with CONNSTEP to conduct an internal quality audit and get back on track to compliance.
Woman in lab setting, logo overlay of Syn-Mar Products Inc., blue and white color scheme.
February 5, 2026
Learn how a home bathroom remodeling manufacturer partnered with CONNSTEP to use lean training to streamline operations and improve efficiency.
Logo for Wild CNC Machining Services on a blue background.
February 4, 2026
See how a manufacturer partnered with CONNSTEP to update HR policies, strengthen people practices, and support future business growth.
Show More