Home / News / Katie Arrington: DoD’s Cyber Certification Framework Seeks to Better Understand Defense Supply Chain

Katie Arrington: DoD’s Cyber Certification Framework Seeks to Better Understand Defense Supply Chain

Jeff Brody
Katie Arrington

Katie Arrington of the Department of Defense said DoD’s move to come up with a new cybersecurity certification model seeks to get a better oversight of the defense supply chain, Federal News Network reported Thursday.

DoD issued on Wednesday a draft version of the Cybersecurity Maturity Model Certification, which establishes cyber standards and practices meant to help the defense industrial base reduce exfiltration of controlled unclassified information.

“Every company within the DoD supply chain — not just the defense industrial base, but the 300,000 contractors — are going to have to get certified to do work with the Department of Defense,” Arrington, chief information security officer for DoD’s office of the assistant secretary of defense for acquisition, said at the Intelligence and National Security Summit.

Arrington cited the Pentagon’s use of the cybersecurity framework to facilitate discussions about the defense supply chain.

“We get everyone on a level-set playing field for cybersecurity, and then we can really start looking at our supply chain, where our most and greatest vulnerabilities lie and how we can work together in a collaborative event with industry,” she said.

Arrington said she sees the model as a way to shift from disparate requirements toward a framework focused on securing the defense supply chain.

The draft CMMC v0.4 has five levels ranging from basic cyber hygiene to highly advanced practices and consists of 18 domains, including access control, asset management and incident response.

Public comments on the draft model are due Sept. 25.

Check Also

DIU to Help Navy Adopt Predictive Maintenance; Mike Madsen Quoted

The Defense Innovation Unit is in talks with the U.S. Navy to implement the use of predictive maintenance in the service branch, FCW reported Friday. Mike Madsen, director of strategic engagement at DIU, said at a recent industry event that the unit and U.S. are planning to award a contract on predictive maintenance within fiscal year 2020.