The U.S. Department of Defense (DoD) has officially postponed the rollout of Phase II of its Cybersecurity Maturity Model Certification (CMMC) 2.0 program. This decision delays the implementation of new cybersecurity certification mandates, initially scheduled to take effect on November 10, as officials conduct a comprehensive 60-day evaluation of the program.
This suspension may have significant ramifications for tribally owned federal contractors and Native-owned enterprises vying for DoD contracts, as it stalls the upcoming phase of cybersecurity certification criteria.
The pause occurs less than a year after Cayuse Government Operations — a venture of the Confederated Tribes of the Umatilla Indian Reservation — and Akiak Technology, operated by the Akiak Native Community, pioneered their way to achieving CMMC Level 2 certification. This achievement has strategically positioned them for contracts that necessitate enhanced cybersecurity protocols.
While new certification requirements are postponed, existing cybersecurity obligations remain intact during the ongoing departmental review.
The aforementioned review aims to harmonize the CMMC with an initiative introduced by DoD Secretary Pete Hegseth, known as the Acquisition Transformation System. This program is designed to mitigate barriers frequently encountered by small to medium-sized and nontraditional defense suppliers, all while upholding rigorous cybersecurity standards.
The U.S. Small Business Administration (SBA) has expressed approval of the decision, noting that feedback from small defense contractors indicated that CMMC compliance costs were a significant deterrent to engagement in the Defense Industrial Base.
According to SBA estimates, securing third-party certification could impose costs of nearly $594,000 on some small businesses, while self-assessment compliance could reach approximately $389,000. Further, the agency indicated that over 120,000 small defense contractors would have been impacted by the Phase II requirements had they been enacted as planned.
During this review period, a newly established CMMC Reform Task Force will solicit industry feedback and propose modifications to the certification framework. Additionally, the department has suspended all pending and future CMMC implementation milestones related to defense solicitations and contracts. Officials anticipate that the task force will submit its recommendations within the stipulated 60 days.
Source link: Tribalbusinessnews.com.






