Defense Secretary Pete Hegseth has appointed Katie Arrington acting chief information officer (CIO) of the Department of Defense (DoD), just weeks after Arrington announced her return to the department as its chief information security officer (CISO).
The DoD Office of the CIO announced the leadership change in a LinkedIn Post. The post also says that Leslie Beavers, who has served as the acting CIO since John Sherman’s departure last summer, will now return to her role as principal deputy CIO.
According to a DoD spokesperson, Arrington officially began her duties as acting CIO on Monday. It is still uncertain whether President Trump intends to nominate Arrington for the position permanently, as the role requires Senate confirmation.
The DoD spokesperson stated that the department has no additional comments at this time, including on the appointment of a new CISO for the agency.
Arrington returned to the Pentagon as CISO last month after serving in several private sector roles and running for Congress in 2022, according to her LinkedIn page.
Arrington first joined the Pentagon during President Trump’s first term in office, serving as the DoD’s CISO for acquisition and sustainment from 2020 to early 2022. Before that, from 2019 to 2020, she was special assistant to the assistant secretary of defense for acquisition, focusing on cybersecurity issues across the DoD’s acquisition and sustainment organizations.
Notably, during her time at the DoD, Arrington was regarded as a key architect of the department’s Cybersecurity Maturity Model Certification (CMMC) program. The program aims to enhance the cybersecurity posture of the defense industrial base and contractors by requiring them to meet minimum cybersecurity standards to bid on contracts.
The CMMC rule went into effect last December, but full implementation of the program is still pending the revision of the Defense Federal Acquisition Regulation Supplement (DFARS) clause and the final publication of the rule in the Federal Register.
DoD expects to publish the DFARS follow-on rule to officially implement the CMMC program in early to mid-2025.
