Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

The Pentagon’s cyber rules leave MSPs as an attack vector

(Pixabay)

By Amy Edwards and Michael McLaughlin

At a time when China, Russia and criminal groups are increasingly targeting military supply chains, a narrow regulatory gap has created an attack vector adversaries can exploit to undermine national security.

The Cybersecurity Maturity Model Certification (CMMC) program, which took effect in late 2025, is designed to protect those supply chains. By requiring contractors that handle Controlled Unclassified Information (CUI) to implement NIST SP 800-171 controls and undergo third-party verification, CMMC seeks to eliminate weak links across the Defense Industrial Base (DIB).

But as CMMC shifts from regulation to real-world enforcement, a fundamental question looms: Who actually holds the keys to military contractor information systems?

Read more at NextGov/FCW

Click to listen highlighted text!