TECH NEWS

The Pentagon’s cyber rules leave MSPs as an attack vector

https://cdn.nextgov.com/media/img/cd/2026/05/12/GettyImages_1284349529/open-graph.jpg

Austin Nooe/Getty Images

ByAmy Edwards and Michael McLaughlin

May 12, 2026 04:31 PM ET

COMMENTARY | Who actually holds the keys to military contractor information systems?

At a time when China, Russia and criminal groups are increasingly targeting military supply chains, a narrow regulatory gap has created an attack vector adversaries can exploit to undermine national security.

The Cybersecurity Maturity Model Certification (CMMC) program, which took effect in late 2025, is designed to protect those supply chains. By requiring contractors that handle Controlled Unclassified Information (CUI) to implement NIST SP 800-171 controls and undergo third-party verification, CMMC seeks to eliminate weak links across the Defense Industrial Base (DIB).

But as CMMC shifts from regulation to real-world enforcement, a fundamental question looms: Who actually holds the keys to military contractor information systems?

Overlooked impact of MSPs

Managed Service Providers (MSPs) are an indispensable part of protecting...

Copyright of this story solely belongs to nextgov.com. To see the full text click HERE

Read more

https://cms.therecord.media/uploads/huawei_111c759701.jpg

Sources: an attack exploiting a previously unknown vulnerability in Huawei router software caused a three-hour nationwide telecoms outage in Luxembourg in 2025

Sponsor Posts Niantic Spatial: World models need real-world data — Scaniverse is the gateway to spatial services — self-serve and built for AI and robotics. Large-area 3D reconstruction from 360° cameras and precise localization, anywhere machines operate. Protecting your Cloud Applications Data — Backing up Office 365, Google Workspace, Dropbox & Salesforce data
https://images.ft.com/v3/image/raw/https%3A%2F%2Fd1e00ek4ebabms.cloudfront.net%2Fproduction%2Fda568d35-97c5-45be-aec6-7a9a96ee8d78.jpg?source=next-article&fit=scale-down&quality=highest&wi...

Filing and sources: PE firm Hg has spun out €500M worth of assets from its €19B software group Visma, whose London IPO remains shelved amid the “SaaSpocalypse”

Sponsor Posts Niantic Spatial: World models need real-world data — Scaniverse is the gateway to spatial services — self-serve and built for AI and robotics. Large-area 3D reconstruction from 360° cameras and precise localization, anywhere machines operate. Protecting your Cloud Applications Data — Backing up Office 365, Google Workspace, Dropbox & Salesforce data