DoD Finalizing New Contract With CMMC AB

Katie Arrington, the Department of Defense's chief information security officer for acquisition, confirmed that the Pentagon is closing in on signing a new agreement with the Cybersecurity Maturity Model Certification Accreditation Body to facilitate the implementation of new security standards under CMMC. 

Speaking at a NeoSystems-hosted webinar, Arrington, a past Potomac Officers Club event speaker, said the DoD is finalizing the statement of work of a no-cost contract with the CMMC AB that will last for more than five years. 

The CMMC AB initially inked a memorandum of agreement with the DoD in March to establish an enterprise-wide CMMC standard that contractors have to comply with in order to secure contracts with the department.

The group has since trained auditors who will be tasked with conducting third party assessments on defense contractors to make sure that their cybersecurity practices are up to snuff. According to Arrington, the CMMC AB has already completed two provisional training classes for CMMC auditors.  

While the CMMC AB has been largely involved with certain aspects of the CMMC, the new SOW might require the group to spin off portions of the certification process to accreditation bodies certified by the International Organization for Standardization. Arrington explained that spinning off ISO-certified accreditation bodies is needed to maintain the market’s competitive nature in the long term. 

Moving forward, Arrington said she wants to establish a federally funded research and development center to perform certification duties similar to that of the CMMC AB. She envisions the FFRDC to create a gateway for products and provide the “good housekeeping seal” for CMMC. However, she acknowledged that setting up an FFRDC requires Congressional appropriations, which could prove difficult to secure.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Speaker News

Join Us Now