Katie Arrington: DoD’s Cyber Certification Framework Seeks to Better Understand Defense Supply Chain

Jeff Brody
Katie Arrington

Katie Arrington of the Department of Defense said DoD’s move to come up with a new cybersecurity certification model seeks to get a better oversight of the defense supply chain, Federal News Network reported Thursday.

DoD issued on Wednesday a draft version of the Cybersecurity Maturity Model Certification, which establishes cyber standards and practices meant to help the defense industrial base reduce exfiltration of controlled unclassified information.

“Every company within the DoD supply chain — not just the defense industrial base, but the 300,000 contractors — are going to have to get certified to do work with the Department of Defense,” Arrington, chief information security officer for DoD’s office of the assistant secretary of defense for acquisition, said at the Intelligence and National Security Summit.

Arrington cited the Pentagon’s use of the cybersecurity framework to facilitate discussions about the defense supply chain.

“We get everyone on a level-set playing field for cybersecurity, and then we can really start looking at our supply chain, where our most and greatest vulnerabilities lie and how we can work together in a collaborative event with industry,” she said.

Arrington said she sees the model as a way to shift from disparate requirements toward a framework focused on securing the defense supply chain.

The draft CMMC v0.4 has five levels ranging from basic cyber hygiene to highly advanced practices and consists of 18 domains, including access control, asset management and incident response.

Public comments on the draft model are due Sept. 25.

You may also be interested in...

Government

GAO: DOD Should Fill Gaps in Small Business Strategy

The Government Accountability Office (GAO) advises the Department of Defense (DOD) to develop an implementation plan, policy and a formal monitoring process for the DOD Small Business Strategy. Congress, in 2019, tasked DOD to create a strategy that will guide how the department handles small business programs, GAO said Thursday.