Summary
Katie Arrington, the acting chief information officer of the Department of Defense (DOD), has little patience for contractors who voice complaints about the Cybersecurity Maturity Model Certification (CMMC). With her background leading the initiative under the Trump administration, she emphasises that the compliance requirements have been in place for over a decade, referencing standards from NIST 800-171. Arrington criticises ongoing complaints, hinting that they may provoke audits from the Defense Contract Management Agency, as she pushes for a more rigorous enforcement strategy and a shift towards a robust cybersecurity posture within the DOD.
Key Points
- Katie Arrington warns contractors that grievances about CMMC compliance will lead to increased scrutiny.
- CMMC requires contractors to undergo third-party audits, moving away from self-certification.
- Arrington urges a cultural shift within DOD towards ‘trust but verify’ in cybersecurity practices.
- New software fast-tracking processes are planned to expedite authority-to-operate approvals.
- Continuous monitoring and risk assessment are emphasised over traditional methods.
Why should I read this?
If you’re in the defence contracting space, this article is a must-read! Arrington’s comments pack a punch, highlighting the serious implications of non-compliance with cybersecurity standards. It’s a wake-up call for companies to get their act together or risk being left in the dust – or worse, under scrutiny from the government. We’ve done the heavy lifting for you, so dive in to save yourself the hassle!