In a reorganization of responsibilities, the Department of Defense (DoD) has put the Cybersecurity Maturation Model Certificate (CMMC) program under the oversight of the DoD’s Office of the CIO (OCIO), a shift from being the responsibility of the Under Secretary of Defense for Acquisition and Sustainment (A&S), according to a Feb. 3 release. […]

Katie Arrington is currently on leave as the Department of Defense’s (DoD) chief information security officer (CISO) for acquisition and sustainment, a DoD spokesperson confirmed to MeriTalk. […]

The Department of Defense’s (DoD) Cybersecurity Maturation Model Certification (CMMC) program is in the process of being rolled out to every contract in the Defense Industrial Base (DIB) over the next five years, and the program is expected to help organizations implement Zero Trust practices, Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said May 5. […]

Three Defense Federal Acquisition Regulation Supplements (DFARS) related to the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) are set to become permanent rules shortly, Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said April 15. […]

Cybersecurity experts stressed this week that Federal agencies must keep stay focused on future threats and on moving toward adoption of zero trust security concepts, although they acknowledged that the latter tasks is “easier said than done.” […]

The Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program is under internal review at the Pentagon with an eye toward “potential improvements” to implementation of the program, a DoD spokesperson confirmed to MeriTalk. […]

Keith Nakasone, a senior acquisition official at the General Services Administration (GSA), said this week that his agency has held what he called “very early” talks with other Federal agencies aimed at spreading the use of the Cybersecurity Maturity Model Certification (CMMC) security standard through more of the Federal government. […]

By Fiscal Year 2026, every contractor seeking to do business with the Department of Defense (DoD) will be required to have at least a Level 1 Cybersecurity Maturity Model Certification (CMMC), Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said Feb. 3. […]

While the Department of Defense (DoD) is still adjudicating comments on its latest Cyber Maturity Model Certification (CMMC) guidelines, Katie Arrington, CISO for the department of Acquisition at DoD, said the department would be ready to release its first Request for Proposal (RFP) by mid-March. […]

The first steps of the Department of Defense’s (DoD’s) stronger approach to securing the defense industrial base take effect today, setting the stage for full implementation of the Cybersecurity Maturity Model Certification (CMMC) program, said Katie Arrington, the Defense Department’s (DoD) CISO for Acquisition and Sustainment. […]

The Defense Department’s (DoD) current interim rule for the Cybersecurity Maturity Model Certification (CMMC) will take full effect on December 1, said Katie Arrington, CISO for DoD’s acquisition office, at an October 28 virtual event organized by C4ISRNET. […]

The interim rule for the Cybersecurity Maturity Model Certification was posted in the Federal Register on Sept. 29, opening a public comment period for the amended regulation, which is scheduled to become effective November 30. […]

The Department of Defense has changed its acquisition policies in a way that marks, according to a DoD release, “one of the most transformational changes to acquisition policy in decades.” […]

The new cybersecurity standard for contractors in the Department of Defense’s (DoD) supply chain ecosystem is soon to have regulatory backing, according to Katie Arrington, CISO for Acquisition and Sustainment at the DoD. […]

CMMC Academy, an initiative of the cybersecurity firm Celerium, has set a July 22 event to walk companies through the certification process for the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC). […]

DevSecOps, or development security operations, is not a term that rolls off the tip of your tongue in an “agile” way, but it is a process that is gaining momentum across the Federal government. […]

While the fight regarding the JEDI cloud computing contract between Amazon Web Services (AWS) and the Pentagon drags on, AWS is partnering with the Department of Defense (DoD) in another capacity – the department’s cybersecurity standard for contractors. […]

Katie Arrington, Cybersecurity Maturity Model Certification (CMMC) lead and CISO for acquisition at the Department of Defense’s (DoD) Undersecretary of Defense, confirmed that the CMMC and FedRAMP (Federal Risk and Authorization Management Program) offices are working on a way to grant reciprocity between the two certifications. […]

Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (AB) Chair Ty Schieber and Department of Defense (DoD) Under Secretary of Defense for Acquisition and Sustainment Katie Arrington shared new insights on what CMMC-AB looks like and how companies can expect to interact with it. […]

The Defense Department may just be beginning to implement its new cybersecurity standards for the defense industrial base, but the head of the program said on April 16 she is aiming for the certification program to become the “basis for a global standard” on security. […]

The fifteen-member Cybersecurity Maturity Model Certification Accreditation Body hosted an online meeting of thousands today, with the biggest news being that no third-party assessment groups have yet been appointed to help in the effort by the Defense Department (DoD) to create formal cybersecurity certifications for defense industrial base firms. […]

The Department of Defense is working to get the word out about its new cybersecurity certification for contractors in the Defense Industrial Base. […]

As agencies across the Federal government adjust operations to accommodate COVID-19 coronavirus disruptions, the Department of Defense’s (DoD) CISO for Acquisition Katie Arrington assured stakeholders today that the pandemic is not disrupting the Cybersecurity Maturity Model Certification (CMMC) program. […]

Katie Arrington, CISO for acquisition at the Department of Defense, says a rule change on the Cybersecurity Maturity Model Certification (CMMC) will benefit small businesses looking to work with the Defense Department. […]

Katie Arrington, the Department of Defense’s (DoD) CISO for acquisition and a prime mover for the recently released Cybersecurity Maturity Model Certification (CMMC) program, this week emphasized the vital importance of defense contractors making the switch away from Chinese-built communications equipment.   […]

Katie Arrington, the Defense Department’s (DoD) Chief Information Security Officer for Acquisition and a driving force behind the Pentagon’s recently released Cybersecurity Maturity Model Certification (CMMC) program, voiced a vigorous defense on Feb. 26 of U.S. law and policy that bans the Federal government and its contractors from doing business with China-based network equipment maker Huawei. […]

The Department of Defense (DoD) has released the final version of its Cybersecurity Maturity Model Certification (CMMC), which aims to certify DoD contractors’ cybersecurity practices and bolster supply chain security. […]

Federal and Defense officials spoke at today’s Billington Cybersecurity Summit about procurement cybersecurity challenges they face and the initiatives they’ve launched to combat those hurdles by shifting toward a “security first” approach to acquisition and supply chain management. […]

The Defense Department (DoD) Office of Under Secretary Acquisition of Sustainment is creating a new certification model to streamline DoD’s cybersecurity acquisition processes, Special Assistant to DoD’s Assistant Secretary of Defense Acquisition for Cyber Katie Arrington said at the Professional Services Council Federal Acquisition Conference today. […]