Speaker News

DoD Anticipates 7.5K Companies to be CMMC-Compliant in 2021

Department of Defense

DoD Anticipates 7.5K Companies to be CMMC-Compliant in 2021

Katie Arrington, chief information security officer in the office of the undersecretary of defense for acquisition and sustainment, estimates that about 7.5K companies across the defense industrial base will have secured compliance with the mandatory requirements under the Cybersecurity Maturity Model Certification program in 2021.

Speaking at a Celerium-hosted webinar, Arrington said that while the estimate may appear seemingly low, the number of expected CMMC certified companies in 2021 should be enough to support the Department of Defense’s contract engagements over the next three years.  

Tommy McDowell, general manager at Celerium, believes that hitting the 7.5K estimate would position the DoD to potentially begin awarding contracts adhering to CMMC standards by the year-end ahead of the January 2021 target, the National Defense Magazine reported Thursday.

According to the CMMC timeline laid out by the DoD, all defense solicitations should include CMMC standards by 2026. In keeping with the CMMC program, defense contractors must secure a third-party certification verifying whether they have the cybersecurity safeguards necessary to do business with the DoD. Defense companies will have to comply with one of five varying levels of cybersecurity requirements depending on the importance of a certain contract. 

While the CMMC program is still awaiting full implementation until 2026, the DoD intends to start issuing solicitations with CMMC requirements sometime between September and October. 

However, Arrington, a past Potomac Officers Club event speaker and 2020 Wash100 winner, noted that the DoD must first implement a rule change in the Defense Federal Acquisition Regulation Supplement to formally include CMMC standards in defense solicitations. 

The DoD intends to open a 60-day public commenting period on the DFAR rule, after which it would be published with the feedback incorporated in it. 

Looking ahead, Arrington anticipates that the CMMC would serve as a blueprint for several government agencies and organizations in the coming years. The CMMC would be a national standard and would be integrated in the way organizations do business, she said. 

Category: Speaker News

Tags: Celerium CMMC Cybersecurity Maturity Model Certification cybersecurity requirement Defense Federal Acquisition Regulation Supplement Department of Defense DFARS Katie Arrington National Defense Magazine Speaker News Tommy McDowell