Defense group seeks clarification on segmentation in NIST advanced persistent threats publication used by CMMC program

The Aerospace Industries Association is encouraging the National Institute of Standards and Technology to provide clarity on segmenting different components of an IT system, in a draft publication on advanced persistent threats used to establish requirements for the Pentagon’s Cybersecurity Maturity Model Certification program.

“AIA’s main concern revolves around segmenting. AIA is pleased to see the discussion of air gapping in Rev 1 has not continued in Rev 3. AIA believes that segmenting for specific functions or system(s), along the...