Future Trends

DOD to Implement CMMC Requirements in DHS Contracts


The Department of Defense plans to include the requirements under its Cybersecurity Maturity Model Certification program in contracts offered by the Department of Homeland Security, an official said. 

Katie Arrington, the DOD's chief information security officer for acquisition and sustainment, said the CMMC will remain a priority, adding that its model is useful across the government, Nextgov reported.

“There will be a cyber requirement in every Department of Defense contract. This is rolling out to other federal agencies. The next one is DHS, we're going to work through DHS to start implementing the CMMC on their contracts,” Arrington, a past Potomac Officers Club event speaker and a 2020 Wash100 winner, said during an Armed Forces Communications and Electronics Association virtual meeting Thursday.

The CMMC is a new standard for implementing cybersecurity and information security controls across the defense industrial base, which CSO Online estimates to include more than 300,000 companies. 

In July 2020, the General Services Administration included CMMC cybersecurity standards in its $50 billion Streamlined Technology Application Resource for Services III government-wide acquisition contract. 

The GSA has since decided to continue implementing new cybersecurity and information control requirements in large acquisition contracts, according to Keith Nakasone, a high-ranking official in the agency's Office of Information Technology category. 

Arrington previously said she expects two more federal agencies to adopt CMMC requirements in 2021. 

She encouraged companies to be proactive in seeking accreditation from the CMMC Accreditation Body, which she estimates has trained and certified 130 independent assessors. 

Arrington said certified practitioners should be available by spring or early summer. 
