PFG Optics | Blog

CMMC Pause: Our Perspective

Written by Trevor Green | Jul 17, 2026

My great-grandfather, Fred Ferson, started making optics in his garage to support the war effort during WWII, first as a solo operation, then growing to over 100 people, producing a meaningful percentage of precision optics for the American defense industry. I wonder if he could imagine the new cyber battlefront that has since opened in the internet age. I also wonder whether, in today's contracting environment with its alphabet soup of DFARS flow downs, he would have been able to achieve this as quickly as he did, perhaps whether he would be able to enter the market at all. That is the tension facing the Department of War: protecting controlled information without pricing the next Fred Ferson out of the defense industrial base.

It is with this context that I consider the US Department of War's announcement of a pause on CMMC Phase 2 cybersecurity requirements. The Department's position was clear: the program was not achieving its intended results and was instead pushing suppliers out of the defense industrial base at a moment when capacity matters most. We welcome the Department's focus on enabling manufacturers like PFG to perform at the scale required to forge the "Arsenal of Freedom," as described by the Department.

I want to assure our customers and partners what did not change with this week's announcement: PFG's commitment to cybersecurity. We have implemented the NIST 800-171 control set, which remains a standing obligation under DFARS 252.204-7012 and is fully in force today. This is the same control set CMMC Phase 2 sought to formally certify. More importantly, it is simply the right set of practices for protecting controlled information, with or without a formal audit requirement.

For what comes next to replace CMMC, we expect the outcome to be a solution that supports scale and cuts red tape while safeguarding controlled information. PFG stands ready to take up the direction the DoW and our customers provide, but we are not waiting around for that guidance to continue hardening our position against cyber threats.

In short: the paperwork paused. Our practices did not.

Trevor Green
Sales Manager, PFG Precision Optics