The Defense Department's policy for contractors to provide details on how they will address gaps in their Cybersecurity Maturity Model Certification assessments will include a threshold on requirements that "need to be" taken "seriously," according to DOD's John Ellis, who leads the office responsible for conducting CMMC assessor audits. Allowing contractors to submit a plan of action and milestones explaining how they will achieve specific unmet requirements on CMMC controls is a new feature as part of a revamp to...