The American Gas Association is asking the Defense Department to consider potential avenues where contractors and subcontractors can use cyber policies at other agencies to fulfill requirements under the Cybersecurity Maturity Model Certification program. DOD issued the first proposed rule to implement the CMMC program on Dec. 26. In comments to DOD, AGA points to two Transportation Security Administration security directives that establish ongoing reporting and assessment requirements, which they argue are “specific to the risk portfolio of pipeline systems.”...