Katie Arrington: Pentagon’s CMMC Could Become Standard for Civilian Agencies

Jeff Brody
Katie Arrington

Katie Arrington, chief information security officer for the Department of Defense’s acquisition and sustainment office and a 2020 Wash100 award winner, said she believes the DoD’s Cybersecurity Maturity Model Certification program “will become a federal standard for the whole of government rapidly,” FedScoop reported Thursday.

Arrington said she has discussed that possibility with Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and fellow Wash100 awardee.

She noted the CMMC accreditation body is working to align the new framework with the Federal Risk and Authorization Management Program to help contractors mitigate the economic challenge of working with the government.

“We understand there is going to be a cost to this,” she said. “If somebody is FedRAMP certified we will offer reciprocity to them.”

The Pentagon plans to propose a rule change under the Defense Federal Acquisition Regulation to integrate CMMC into contracts by fall and into requests for information as early as summer. Full deployment of the new cyber framework is expected to conclude by 2025.

Check Also


SAIC Awarded TSA Test & Evaluation Support BPA

Science Applications International Corp. (NYSE: SAIC) has been awarded a potential $40M blanket purchase agreement for operational test and evaluation services to the Transportation Security Administration, according to an award notice posted Thursday.

US Air Force

Air Force Selects Boeing, Lockheed, Raytheon Technologies for Hypersonic Cruise Missile Tech Design Program

The U.S. Air Force has indicated its intent to solicit design proposals from Boeing (NYSE: BA), Lockheed Martin (NYSE: LMT) and Raytheon Technologies (NYSE: RTX) for a hypersonic cruise missile technology that can be launched from a fighter or a bomber aircraft.