US Department of Defense issues strict new cyber rules for potential contractors
Date:
Wed, 10 Sep 2025 17:32:00 +0000
Description:
Vendors will have to prove adherence to strict new compliance rules.
FULL STORY
A new set of requirements has just been published for potential Department of Defense vendors. The new Cybersecurity Maturity Model Certification 2.0
(CMMC) standards outline stringent compliance demands for any potential contractors for the DoD, which will officially come into effect November 10, 2025.
"We expect our vendors to put U.S. national security at the top of their priority list," Katie Arrington, acting Pentagon chief information officer,
said in a statement. "By complying with cyber standards and achieving CMMC,
this shows our vendors are doing exactly that."
The new cybersecurity framework operates on three different levels of compliance dependent on the sensitivity of the data being handled. Vendors
will not be eligible for DoD contracts if they do not meet the requirements.
A second try
Implementing the CMMC was a difficult and lengthy process, and the cybersecurity pushed back against the requirements during the first Trump administration, arguing that the rules are overcomplicated and that SMEs are overly burdened by the regulations.
In the second version of these requirements, the process of compliance has
been simplified, with just three assessment levels down from five. Vendors
can self-assess their cybersecurity at the lowest sensitivity level, but tier two must be verified by a certified third-party assessor, and tier three will require assessment from the Defense Industrial Base Cybersecurity Assessment Center.
The new requirements also set out plans of action and milestones that will
help contractors that don't meet the regulations by allowing them 180 days of
a conditional certification as they work to become compliant.
Earlier this year, the US Department of Defense was urged to address serious
IT systems flaws after programs were found to be falling short of required performance standards - with four critical defense systems identified
without developed plans to implement a more rigorous cybersecurity
approach -- zero trust architecture -- by the 2027 deadline.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/us-department-of-defense-issues-strict-new-cyber-rules-for-potential-contractors
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)