The Pentagon’s cyber rules leave MSPs as an attack vector
At a time when China, Russia and criminal groups are increasingly targeting military supply chains, a narrow regulatory gap has created an attack vector adversaries can exploit to undermine national security.
The Cybersecurity Maturity Model Certification (CMMC) program, which took effect in late 2025, is designed to protect those supply chains. By requiring contractors that handle Controlled Unclassified Information (CUI) to implement NIST SP 800-171 controls and undergo third-party verification, CMMC seeks to eliminate weak links across the Defense Industrial Base (DIB).
But as CMMC shifts from regulation to real-world enforcement, a fundamental question looms: Who actually holds the keys to military contractor information systems?
Read more at NextGov/FCW