The National Defense Industrial Association is raising concerns over how prime contractors will determine the maturity level needed for subcontracts and work through flow down requirements under the Pentagon’s final rule to establish the Cybersecurity Maturity Model Certification program. The rulemaking directs the prime to work with the “contracting officer to determine what security is needed at what level and at what place in the contract,” Trey Hodgkins, chair of NDIA's cybersecurity division, told Inside Cybersecurity . Hodgkins said, “The...
