Katie Arrington: Firms Won’t Need to Meet Same Level of CMMC Requirements on Contracts

Jeff Brody
Katie Arrington

Katie Arrington, chief information security officer in the office of the defense undersecretary for acquisition and a 2020 Wash100 award winner, said DoD would not require prime contractors and subcontractors on a contract to meet the same level of Cybersecurity Maturity Model Certification requirements, FedScoop reported Friday.

Arrington said at an event Friday the Pentagon will clarify which parts of a contract will demand different levels of certification in upcoming requests for information.

“One size doesn’t fit all for security,” Arrington said. “The subs, by what work they are doing, will need to meet a level one or level two.”

Arrington will deliver the keynote speech at the Potomac Officers Club’s CMMC Forum 2020 on April 2. She will address the CMMC’s timeline, how the certification process could change and will provide a memorandum of understanding with a newly established CMMC accrediting body.

Click here to register for the event.

Check Also

KBR

KBR Wins Potential $93M Navy Combat Integration System Support IDIQ

KBR’s (NYSE: KBR) government services business has won a potential five-year, $92.6M contract to engineer and produce datalink systems and associated platforms for the U.S. Navy’s combat operations.

DLA

DLA Awards Logistics Modernization Integration Support IDIQs to Advantaged Solutions, United Defense International

Advantaged Solutions and United Defense International have each received a potential five-year, $265M contract from the Defense Logistics Agency for logistics modernization integration support.