The Pentagon's approach to making cybersecurity a foundational part of acquisition is mandating new compliance requirements for the defense industrial base, which could potentially create a division between primes and subcontractors when it comes to information sharing. An interim rule went into effect on Nov. 30 setting up the requirements for the Defense Department's Cybersecurity Maturity Model Certification program, which will be rolled out over a five-year period. In the interim, contractors who handle controlled unclassified information will need to...
