TZUTC: -0500   
   MSGID: 1487.consprcy@1:2320/105 2d2812c7   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   US Department of Defense issues strict new cyber rules for potential   
   contractors   
      
   Date:   
   Wed, 10 Sep 2025 17:32:00 +0000   
      
   Description:   
   Vendors will have to prove adherence to strict new compliance rules.   
      
   FULL STORY   
      
   A new set of requirements has just been published for potential Department of   
   Defense vendors. The new Cybersecurity Maturity Model Certification 2.0    
   (CMMC) standards outline stringent compliance demands for any potential   
   contractors for the DoD, which will officially come into effect November 10   
   2025.    
      
   We expect our vendors to put U.S. national security at the top of their   
   priority list, Katie Arrington, acting Pentagon chief information officer,   
   said in a statement. By complying with cyber standards and achieving CMMC,   
   this shows our vendors are doing exactly that.    
      
   The new cybersecurity framework operates on three different levels of   
   compliance dependent on the sensitivity of the data being handled. Vendors   
   will not be eligible for DoD contracts if they do not meet the requirements.    
      
   A second try    
      
   Implementing the CMMC was a difficult and lengthy process, and the   
   cybersecurity pushed back against the requirements during the first Trump   
   administration, arguing that the rules are overcomplicated and that SMEs are   
   overly burdened by the regulations.    
      
   In the second version of these requirements, the process of compliance has   
   been simplified, with just three assessment levels down from five. Vendors    
   can self-assess their cybersecurity at the lowest sensitivity level, but tier   
   two must be verified by a certified third-party assessor, and tier three will   
   require assessment from the Defense Industrial Base Cybersecurity Assessment   
   Center.    
      
   The new requirements also set out plans of action and milestones that will   
   help contractors that dont meet the regulations by allowing them 180 days of    
   a conditional certification as they work to become compliant.    
      
   Earlier this year, the US Department of Defense was urged to address serious   
   IT systems flaws after programs were found to be falling short of required   
   performance standards - with four critical defense systems identified     
   without developed plans to implement a more rigorous cybersecurity   
   approach -- zero trust architecture -- by the 2027 deadline.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/us-department-of-defense-issues-strict-   
   new-cyber-rules-for-potential-contractors   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426