The Defense Department is providing a long-awaited preview into its plans for level three of the Cybersecurity Maturity Model Certification program, in a draft update to an overview publication that describes "security requirements" as defined by the National Institute of Standards and Technology. The model was last updated in 2021 following an internal review of the program and an announcement of major changes. DOD submitted a proposed rule to implement the CMMC program on July 24 to OMB’s Office of...