Katie Arrington, DoD, Discusses CMMC Rollout

On Thursday, November 12, INSA's Executive Vice President, John Doyon, sat down with Katie Arrington, the Chief Information Security Officer to the Assistant Secretary of Defense for Acquisition, to discuss the rollout of OUSD's Cybersecurity Maturity Model Certification (CMMC).

Ms. Arrington discussed the release of the CMMC pilot program that will become effective on December 1, 2020, and includes 15 contracts in FY21. DoD has estimated that 1,500 companies will be CMMC certified in FY21 and anticipates the entire rollout will take about 5 years.

She explained that the Certification will be a go/no-go decision to ensure assessments are equal for all and highlighted how security is not a one-size-fits-all system, assuring the audience that CMMC assessors will help organizations determine what level of security is necessary to protect their company's cyber infrastructure. The ultimate goal is for large companies and small business to adopt this maturity model and continue to build on their critical thinking around cybersecurity.

Ms. Arrington noted that when organizations fail to frequently change passwords, appropriately mark documents, and implement two-factor authentication it causes harm to the supply chain. She also emphasized how important it is for companies involved in the national security supply chain to be aware of this risk because adversaries will continue their attempts to damage supply chain infrastructure.

Ms. Arrington highlighted how OUSD is committed to achieving effective communication and coordination with industry in order to ensure better cybersecurity throughout the supply chain. She concluded with some encouraging remarks, telling the audience to "test negative, stay positive, be kind, and know that we are all in this together."

Related Media: