Marines with Marine Corps Forces Cyberspace Command pose for photos in cyber operations room at Lasswell Hall aboard Fort Meade, Maryland, Feb. 5, 2020. MARFORCYBER Marines conduct offensive and defensive cyber operations in support of United States Cyber Command and operate, secure and defend the Marine Corps Enterprise Network. This image is a photo illustration.
Soldiers in a cyber operations room. Photo: Staff Sgt. Jacob Osborne/US Marine Corps
AmericasCyberTechnology

GAO Flags Gaps in Pentagon Cyber Certification Rollout for Defense Contractors

Photo of Rojoef Manuel Rojoef ManuelMarch 18, 2026
1 minute read

The US Government Accountability Office (GAO) has found that the Department of Defense has not fully evaluated outside risks that could slow the adoption of its Cybersecurity Maturity Model Certification (CMMC) program.

Launched in 2020 and updated in 2024, the CMMC obligates industry partners to employ their respective networks under certain cybersecurity standards to protect sensitive government data.

The Pentagon began phasing in requirements in November 2025 as it shifted from voluntary compliance to mandatory certification.

Findings and Risks

According to the GAO, the Department of Defense has developed multiple planning documents and addressed most elements of a comprehensive strategy under the CMMC.

However, it “has not systematically assessed and documented the external factors that could affect the department meeting its goals,” passing only six out of seven of that benchmark.

The agency noted that a key risk is the private sector’s capacity to meet demand, as the Pentagon relies on third-party assessors to certify tens of thousands of contractors, but has not outlined how it would respond if there are too few qualified assessors.

“By assessing and documenting key external factors and developing approaches to address them, [Department of Defense] would better understand program implementation risks,” the GAO said.

The government watchdog added that the department could issue waivers if issues occur, but warned that relying on waivers “could undermine the long-term viability” of the program.

The report also cited uncertainty around workforce competency projects and evolving cybersecurity standards, including updates from the National Institute of Standards and Technology that have yet to be incorporated.

Solution

Due to the underlying risks, the GAO recommended that the Pentagon identify and document external challenges and develop mitigation plans.

The defense department agreed with the recommendation and said it will provide updates on its actions.

Tags
Photo of Rojoef Manuel Rojoef ManuelMarch 18, 2026
1 minute read

Related Articles

USS Gerald R. Ford

USS Gerald Ford Aircraft Carrier Returns Home After 326-Day Deployment

May 17, 2026
Internationalist organizations rally in front of the Ministry of Foreign Affairs in Madrid, Spain, to demand an end to the US blockade of Cuba.

Havana Quietly Advises Cubans on How to Survive ‘Enemy Attacks’

May 17, 2026
An armed Iranian police officer holding a rifle monitors the area as motorcyclists ride beneath a billboard depicting an AI-generated image of the Strait of Hormuz and an effigy of US President Donald Trump, displayed on the wall of a state building in downtown Tehran, Iran, on May 3, 2026.

Pakistani Minister Arrives in Tehran to ‘Facilitate’ US-Iran Peace Talks: Media

May 17, 2026
Satellite view of shipping traffic in and around the Strait of Hormuz

Iran State TV Says European Countries in Talks With Tehran for Hormuz Transit

May 17, 2026
US President Donald Trump speaks to reporters at the White House

Trump Says US, Nigerian Forces ‘Eliminate’ Senior IS Leader

May 16, 2026
US Army major communicating during DEFENDER 2022 exercise in Poland

US Scraps Deployment of 4,000 Troops to Poland

May 16, 2026
ATMOS2 ruggedized tactical computers

Core Systems to Supply Rugged C2 Computers for US Army

May 15, 2026
HMS Prince of Wales Maritime Medical Emergency Response Team (MMERT) performs medical response to a simulated injury aboard the HMS Duncan destroyer.

Royal Navy Trials Air Ambulance Team, Containerized Medical Hub at Sea

May 15, 2026
RQ-21 Blackjack drone

US Special Ops Chiefs Push for Right-to-Repair Authority for Military Systems

May 15, 2026
150326-N-ZZ999-001 WATERS TO THE SOUTH OF THE KOREAN PENINSULA, Republic of Korea (March 26, 2015) – An MV-22 Osprey, from Marine Medium Tiltrotor Squadron 262 (reinforced), 31st Marine Expeditionary Unit, demonstrates its vertical takeoff and landing (VSTOL) capabilities aboard the amphibious assault ship ROKS Dokdo (LPH 6111) during training to strengthen the interoperability between the Navy and Marine Corps of both the U.S. and Republic of Korea. The Marines of the 31st MEU are embarked aboard the forward-deployed amphibious assault ship USS Bonhomme Richard (LHD 6) and currently conducting a regularly-scheduled patrol of the Asia-Pacific region. (U.S. Navy photo courtesy of ROK Navy / Released)

Airbility, Schübeler Launch eVTOL Propulsion Tech Collaboration

May 15, 2026
Back to top button