Pentagon conducts analysis matching CMMC controls to SolarWinds hack

The Pentagon has put together a briefing exploring how its cyber certification program could have prevented or slowed down the SolarWinds hack, according to a senior Defense Department official responsible for supply chain risk at the acquisition level.

A contractor meeting the level three standards established by the Pentagon’s Cybersecurity Maturity Model Certification program would have “probably been able to see the activity,” said Stacy Bostjanick, acting director for supply chain risk management, at a NIST advisory board meeting today....