Katie Arrington Offers Updates on DoD’s Cyber Certification Model

Katie Arrington
Katie Arrington

Katie Arrington, chief information security officer at the office of assistant secretary of defense for acquisition and a 2020 Wash100 Award winner, said the final version of the Department of Defense’s new cybersecurity certification model is due for review Friday and will come with user guides, Nextgov reported Tuesday.

She said her office will then hand over to the accreditation body the Cybersecurity Maturity Model Certification and a memorandum of understanding that details how the certification process will work with current requirements.

“When we hand them the MOU, there will be caveats in it that say we need you to work through your assessors to create reciprocity for government work already done,” Arrington said. “So if your company has been through a [Defense Industrial Base Cybersecurity Assessment Center] audit, there’s going to be reciprocity for that. If you have paid—your company—for an ISO 27001, we will give you credit for those controls that were made.”

She said the Pentagon will issue within weeks a request for information to facilitate the development of a cloud-based database that will be used as a repository for auditors.

DoD issued in September a draft version of CMMC, which establishes cyber practices and standards meant to help the defense industrial base reduce exfiltration of controlled unclassified information.

You may also be interested in...

Gen. Mark Milley

Gen. Mark Milley: AI, Other Emerging Tech Needed to Deter Aggressors, Win Future Wars

Gen. Mark Milley, chairman of the Joint Chiefs of Staff and a four-time Wash100 Award winner, said artificial intelligence, hypersonics, 3D printing, unmanned systems, long-range precision fires and other emerging technologies could transform the conduct of warfare and are needed to win future wars in the event of deterrence failure.