Katie Arrington, chief information security officer for the office of the undersecretary of defense for acquisition and a previous Wash100 awardee, said the Department of Defense is determining ways on how to integrate the Cybersecurity Maturity Model Certification requirements into Department of Homeland Security contracts, Nextgov reported Thursday.
“There will be a cyber requirement in every department of defense contract,” Arrington said Thursday at an Armed Forces Communications and Electronics Association meeting. “This is rolling out to other federal agencies. The next one is DHS, we're going to…work through DHS to start implementing the CMMC on their contracts.”
She said the new administration will evaluate the initial contracts to be selected for assessments and that companies can now start the process of securing certification from the CMMC Accreditation Body, which she said has trained and certified approximately 130 independent auditors.
“You should have readily available by spring early summer, a practitioner certified in a geographical area near you,” Arrington said. “If you wanted to go out and get a certification you could, you do not need to wait.”