The Pentagon’s cyber rules leave MSPs as an attack vector


By Amy Edwards and Michael McLaughlin

May 12, 2026 04:31 PM ET

COMMENTARY | Who actually holds the keys to military contractor information systems?

At a time when China, Russia and criminal groups are increasingly targeting military supply chains, a narrow regulatory gap has created an attack vector adversaries can exploit to undermine national security.

The Cybersecurity Maturity Model Certification (CMMC) program, which took effect in late 2025, is designed to protect those supply chains. By requiring contractors that handle Controlled Unclassified Information (CUI) to implement NIST SP 800-171 controls and undergo third-party verification, CMMC seeks to eliminate weak links across the Defense Industrial Base (DIB).

But as CMMC shifts from regulation to real-world enforcement, a fundamental question looms: Who actually holds the keys to military contractor information systems?

Overlooked impact of MSPs

Managed Service Providers (MSPs) are an indispensable part of protecting...

Copyright of this story solely belongs to nextgov.com.
