Katie Arrington, chief information security officer in the office of the defense undersecretary for acquisition and a 2020 Wash100 award winner, said DoD would not require prime contractors and subcontractors on a contract to meet the same level of Cybersecurity Maturity Model Certification requirements, FedScoop reported Friday.
Arrington said at an event Friday the Pentagon will clarify which parts of a contract will demand different levels of certification in upcoming requests for information.
“One size doesn’t fit all for security,” Arrington said. “The subs, by what work they are doing, will need to meet a level one or level two.”
Arrington will deliver the keynote speech at the Potomac Officers Club’s CMMC Forum 2020 on April 2. She will address the CMMC’s timeline, how the certification process could change and will provide a memorandum of understanding with a newly established CMMC accrediting body.
Click here to register for the event.