Katie Arrington, chief information security officer for the Department of Defense’s acquisition and sustainment office and a 2020 Wash100 award winner, said she believes the DoD’s Cybersecurity Maturity Model Certification program “will become a federal standard for the whole of government rapidly,” FedScoop reported Thursday.
Arrington said she has discussed that possibility with Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and fellow Wash100 awardee.
She noted the CMMC accreditation body is working to align the new framework with the Federal Risk and Authorization Management Program to help contractors mitigate the economic challenge of working with the government.
“We understand there is going to be a cost to this,” she said. “If somebody is FedRAMP certified we will offer reciprocity to them.”
The Pentagon plans to propose a rule change under the Defense Federal Acquisition Regulation to integrate CMMC into contracts by fall and into requests for information as early as summer. Full deployment of the new cyber framework is expected to conclude by 2025.