EY put out a piece in September 2021 entitled “How defense contractors can navigate cybersecurity compliance regulations”.  The piece states, among other things:

“Cybersecurity regulations are changing for defense contractors, and the shifting landscape has kept many players in the industry off balance.  The changes, prompted by the theft of critical defense technology, mean that companies doing business with the Department of Defense (DoD) will need third-party certification of their compliance with heightened cybersecurity standards.  The current transition period has sown confusion among companies that need to identify and classify which data is to be protected, understand how the security standards will be evaluated, and know which parts of their network will be subject to the more stringent requirements.  But organizations can take proactive steps to assess their readiness now so they can decide what business actions make sense once the new program is in place.”

Read the full piece here.