Speaker News

Interim CMMC Rule to Take Effect on Dec. 1

Katie Arrington

CISO

DoD

Interim CMMC Rule to Take Effect on Dec. 1

Katie Arrington, chief information security officer of defense for acquisition and sustainment, said the Pentagon is not letting up on the Cybersecurity Maturity Model Certification, with the interim rule slated to take effect on Dec. 1

Speaking at an INSA-hosted event, Arrington, a past Potomac Officers Club event speaker and 2020 Wash100 winner, said the Pentagon plans on announcing the first 15 CMMC-compliant contracts when the rule goes live. 

Breaking Defense reports that the initial wave of CMMC contracts will be dedicated to supporting the service branches, combatant commands and parts of the Pentagon’s Fourth Estate, including the Missile Defense Agency. 

At least 1.5K contractors and subcontractors, all of which need to be CMMC certified, are expected to work together to fulfill the services outlined in the contracts. 

According to Arrington, CMMC is going to be a go/no-go decision. The goal is to make source selection equal for all companies that comply with the new cybersecurity standards. 

While prime contractors’ compliance with CMMC regulations is already a given, the Pentagon expects subcontractors to be able to handle lower-level cybersecurity or display the same level of compliance as their primes especially when it comes to very sensitive information. 

The establishment of new cybersecurity standards means the Pentagon can finally stop working with contractors that leave vulnerabilities unfixed. Arrington asserted that poor cybersecurity practices, including failure to change passwords and implement two-factor authentication, cause harm to the defense supply chain.

Category: Speaker News

Tags: Breaking Defense cybersecurity Cybersecurity Maturity Model Certification Department of Defense interim rule Katie Arrington Pentagon Speaker News