Katie Arrington Offers Updates on DoD’s Cyber Certification Model

Katie Arrington, chief information security officer at the office of the assistant secretary of defense for acquisition and a 2020 Wash100 Award winner, said the final version of the Department of Defense’s new cybersecurity certification model is due for review Friday and will come with user guides, Nextgov reported Tuesday.

She said her office will then hand over to the accreditation body the Cybersecurity Maturity Model Certification and a memorandum of understanding that details how the certification process will work with current requirements.

“When we hand them the MOU, there will be caveats in it that say we need you to work through your assessors to create reciprocity for government work already done,” Arrington said. “So if your company has been through a [Defense Industrial Base Cybersecurity Assessment Center] audit, there’s going to be reciprocity for that. If you have paid—your company—for an ISO 27001, we will give you credit for those controls that were made.”

She said the Pentagon will issue within weeks a request for information to facilitate the development of a cloud-based database that will be used as a repository for auditors.

DoD issued in September a draft version of CMMC, which establishes cyber practices and standards meant to help the defense industrial base reduce exfiltration of controlled unclassified information.
