The Defense Department is working on a new rule to establish a cyber regime focused on advanced persistent threats that is expected to add new regulations around levels four and five of the Pentagon's Cybersecurity Maturity Model Certification program. The rule will build on an interim regulation that went into effect on Nov. 30, according to industry sources. The current rule adds three new clauses to the Defense Federal Acquisition Regulation Supplement and follows a "crawl, walk, run" methodology to get to CMMC compliance, centered around NIST Special Publication 800-171 and focused on the protection of controlled unclassified information.
展开▼
