Katie Arrington: DoD Projects 7.5K CMMC-Certified Companies by 2021

Katie Arrington: DoD Projects 7.5K CMMC-Certified Companies by 2021
Katie Arrington DoD

Katie Arrington, a 2020 Wash100 Award winner and chief information security officer for defense acquisition, said she expects the Pentagon’s new cybersecurity vetting program to certify 7,500 companies by 2021, National Defense Magazine reported Thursday.

Arrington told attendees at a Celerium-hosted webinar that the Department of Defense (DoD) plans to release requests for proposals that include Cybersecurity Maturity Model Certification (CMMC) version 1 requirements following the implementation of amendments in the Defense Federal Acquisition Regulation Supplement (DFARS).

She noted that she anticipates these solicitations to be released in September or October 2020.

“I think that five years from now, it's part of a national standard, it's part of how we do business,” added Arington.

The CMMC program requires potential contractors to undergo cybersecurity assessments by DoD-certified independent auditors. The program’s framework is comprised of five levels, with Level 5 having the strictest requirements.

You may also be interested in...


DHS, NIST List Goals for Cyber Best Practices

The Department of Homeland Security (DHS) and the National Institutes of Standards and Technology (NIST) have jointly classified cybersecurity practices into nine categories as bases for cyber performance goals. The nine categories each have specific objectives with regard to how secure control systems are operated and deployed, NIST said Thursday.