Monday, July 13, 2026

SBA Applauds Suspension of CMMC Phase II for Small Defense Contractors

Share

In a significant move for small defense contractors, the U.S. Small Business Administration (SBA) has applauded the U.S. Department of War (DoW) for suspending the requirements of the Cybersecurity Maturity Model Certification (CMMC) Phase II program. This decision comes after a prolonged dialogue with small business stakeholders who highlighted that the original framework placed an undue financial burden on the very firms crucial to the U.S. Defense Industrial Base (DIB).

SBA Administrator Kelly Loeffler remarked, “Let there be no doubt: the small businesses that undergird our defense industrial base are committed to protecting our nation’s digital domain — but cybersecurity cannot come at the cost of bureaucracy that shuts out the very companies our warfighters depend on.” The suspension, originally scheduled to go into effect on November 10, 2026, is a critical step in recalibrating the CMMC framework, ensuring it supports robust cybersecurity while eliminating regulatory hurdles.

For small business owners, the implications of this suspension are profound. The SBA estimates that compliance costs related to the CMMC certification could reach approximations of $593,800 for those requiring third-party assessments and $388,600 for firms eligible for self-assessments. This kind of financial strain could lead many small firms to reconsider their participation in defense-related work, threatening their economic viability and the national security infrastructure upon which the country relies.

The decision follows concerns raised by over 100,000 small businesses that the CMMC regulations were not only confusing but also financially burdensome. The potential requirement for small contractors to undergo either a self-assessment or a third-party assessment is now on hold while the DoW evaluates how to refine the cybersecurity measures without stifling innovation or participation from smaller firms.

The Department of War’s suspension is seen as a proactive step towards fostering a more efficient Acquisition Transformation System (ATS) that emphasizes speed and capability over cumbersome compliance processes. By initiating a comprehensive review of the program, the DoW aims to strike a balance between protecting federal data and ensuring that small businesses remain competitive in the defense contracting arena.

Additionally, the CMMC model, initially designed to safeguard Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), will be reassessed to establish a framework that not only protects information but also enhances small firms’ ability to participate in defense contracts. If the original Phase II requirements had been implemented, research indicated that more than 120,000 small DIB businesses would have faced compliance hurdles backed by only about 100 approved assessors. Such restrictions risked delaying certification and potentially cutting off qualified suppliers from crucial government contracts.

Small business owners should consider the immediate benefits of this suspension. The SBA’s concerted efforts, through nationwide manufacturing tours and initiatives like the SBA Red Tape Hotline, have taken into account the recurring feedback from small manufacturers about the heavy regulatory load posed by CMMC. This engagement with the DoW showcases a commitment to reducing unnecessary compliance burdens while still prioritizing cybersecurity.

However, challenges remain. As the review progresses, small business stakeholders must stay informed about any changes to the CMMC framework and prepare for potential shifts in cybersecurity requirements. Although the suspension of Phase II offers immediate relief, businesses must remain vigilant and proactive in understanding how these regulations may evolve in the near future.

For small business owners, this period presents an opportunity to engage with policymakers and voice their concerns, ensuring that the final CMMC regulations can accommodate not only stringent cybersecurity measures but also the realities of operating a small business in today’s complex defense landscape.

The SBA’s collaborative approach with the DoW illustrates a vital dialogue aimed at bolstering the participation of small businesses within the DIB. By remaining flexible and responsive to the challenges these entrepreneurs face, policymakers can create a more inclusive environment where small businesses can thrive and contribute to national security effectively.

For further details, visit the original release from the SBA here.

Sarah Lewis
Sarah Lewis
Sarah Lewis is a small business news journalist and writer dedicated to keeping entrepreneurs informed on the latest industry trends, policy changes, and economic developments. With over a decade of experience in business reporting, Sarah has covered breaking news, market insights, and success stories that impact small business owners. Her work has been featured in prominent business publications, delivering timely and actionable information to help entrepreneurs stay ahead. When she's not covering small business news, Sarah enjoys exploring new coffee shops and perfecting her homemade pasta recipes.

Read More

Local News