Katie Arrington: CMMC Requirements in RFPs Expected in November

Katie Arrington
Katie Arrington

Katie Arrington, chief information security officer for the Department of Defense’s acquisition and sustainment office and a 2020 Wash100 award winner, said the initial version of Cybersecurity Maturity Model Certification requirements could be included in solicitations by November, National Defense Magazine reported Monday.

“We understand this is a big cultural shift and we want to ensure that we’re doing everything we can to bring our small business partners right along with us,” she said Monday at the virtual Special Operations Forces Industry Conference.

Arrington said DoD is on schedule to release the CMMC requirements this year and plans to issue in June about 10 requests for information that integrate the new CMMC rules.

“As we release the RFIs, we'll have the certified and trained auditors who will be able to go out to industry and certify companies at the level of maturity required for the work that they’re bidding on,” she added.

She noted that changes to the Defense Federal Acquisition Regulation Supplement 252.204-7012 are being carried out and could be finalized in October. “You will not see the CMMC in any Department of Defense contracts or RFPs until the rule change is completed,” Arrington said.

Check Also

John  Zangardi

John Zangardi Appointed Redhorse President

John Zangardi, formerly senior vice president of business initiatives and strategic partnerships at Leidos' (NYSE: LDOS) civil group, has been named president of technology services provider Redhorse.

Sepideh Rowland

K2-FIN Adds Sepideh Behram Rowland to VP Ranks

Sepideh Behram Rowland, a two-decade financial services industry veteran, has assumed a vice president position within the financial crimes risk and compliance practice of K2 Intelligence Financial Integrity Network.