New cybersecurity rules for US Department of Defense (DOD) contractors are entering the home stretch. The rules, which establish a comprehensive and scalable assessment mechanism within the agency’s Cybersecurity Maturity Model Certification (CMMC) program, aim to ensure that contractors and subcontractors are implementing information security measures required by the DOD.
The department, which has largely depended on security self-assessments by its suppliers in the past, has been criticized for some time by its inspector general for weak supervision of its suppliers.
