Katie Arrington, chief information security officer at the office of the assistant secretary of defense for acquisition and a 2020 Wash100 Award winner, said the final version of the Department of Defense’s new cybersecurity certification model is due for review Friday and will come with user guides, Nextgov reported Tuesday.
She said her office will then hand the Cybersecurity Maturity Model Certification over to the accreditation body, along with a memorandum of understanding that details how the certification process will work with current requirements.
“When we hand them the MOU, there will be caveats in it that say we need you to work through your assessors to create reciprocity for government work already done,” Arrington said. “So if your company has been through a [Defense Industrial Base Cybersecurity Assessment Center] audit, there’s going to be reciprocity for that. If you have paid—your company—for an ISO 27001, we will give you credit for those controls that were made.”
She said the Pentagon will issue within weeks a request for information to facilitate the development of a cloud-based database that will be used as a repository for auditors.