TZUTC: -0500
MSGID: 1487.consprcy@1:2320/105 2d2812c7
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
US Department of Defense issues strict new cyber rules for potential
contractors

Date:
Wed, 10 Sep 2025 17:32:00 +0000

Description:
Vendors will have to prove adherence to strict new compliance rules.

FULL STORY

A new set of requirements has just been published for potential Department of
Defense vendors. The new Cybersecurity Maturity Model Certification 2.0 
(CMMC) standards outline stringent compliance demands for any potential
contractors for the DoD, which will officially come into effect November 10
2025. 

We expect our vendors to put U.S. national security at the top of their
priority list, Katie Arrington, acting Pentagon chief information officer,
said in a statement. By complying with cyber standards and achieving CMMC,
this shows our vendors are doing exactly that. 

The new cybersecurity framework operates on three different levels of
compliance dependent on the sensitivity of the data being handled. Vendors
will not be eligible for DoD contracts if they do not meet the requirements. 

A second try 

Implementing the CMMC was a difficult and lengthy process, and the
cybersecurity pushed back against the requirements during the first Trump
administration, arguing that the rules are overcomplicated and that SMEs are
overly burdened by the regulations. 

In the second version of these requirements, the process of compliance has
been simplified, with just three assessment levels down from five. Vendors 
can self-assess their cybersecurity at the lowest sensitivity level, but tier
two must be verified by a certified third-party assessor, and tier three will
require assessment from the Defense Industrial Base Cybersecurity Assessment
Center. 

The new requirements also set out plans of action and milestones that will
help contractors that dont meet the regulations by allowing them 180 days of 
a conditional certification as they work to become compliant. 

Earlier this year, the US Department of Defense was urged to address serious
IT systems flaws after programs were found to be falling short of required
performance standards - with four critical defense systems identified  
without developed plans to implement a more rigorous cybersecurity
approach -- zero trust architecture -- by the 2027 deadline.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/us-department-of-defense-issues-strict-
new-cyber-rules-for-potential-contractors

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426