Chief Information Security Officer for the Office of the Under Secretary of Defense for Acquisition
U.S. Department of Defense (DOD)
Katie Arrington, CISO for DoD Acquisition Office, Named to 2020 Wash100 for Advancing New Cyber Framework, Culture Change
Executive Mosaic is honored to introduce Katie Arrington, chief information security officer in the office of the undersecretary of defense for acquisition, as an inductee into the 2020 edition of the Wash100 Award for her role in the Department of Defense’s Cybersecurity Maturity Model Certification initiative. This honor marks Arrington’s first Wash100 win.
The DoD released on Jan. 31 the final version of the CMMC, which seeks to certify the cybersecurity practices of contractors and help strengthen the security of the supply chain.
At a press conference, Arrington joined other department officials to talk about the process progression levels under the new cyber framework and announced that the CMMC accrediting body will have an informational website in place by March or early April.
“It was critically important for us to engage and receive feedback from all key stakeholders throughout the process so we could build the best model possible,” Arrington said. “Their feedback – plus thousands of public comments – received between September and December 2019 helped earlier iterations of the draft CMMC models.”
She said the department will issue within weeks a request for information to facilitate the development of a cloud-based database that will be used as a repository for auditors.
Arrington noted that the new cyber certification model was specifically designed for small businesses, which are being targeted by nation state-backed cyber attacks, and seeks to get a better oversight of the supply chain.
“Every company within the DoD supply chain — not just the defense industrial base, but the 300,000 contractors — are going to have to get certified to do work with the Department of Defense,” Arrington said at the Intelligence and National Security Summit. “We get everyone on a level-set playing field for cybersecurity, and then we can really start looking at our supply chain, where our most and greatest vulnerabilities lie and how we can work together in a collaborative event with industry.”
In November, Arrington said that DoD considers opening the Cybersecurity Maturity Model Certification initiative up for a reciprocity process with the General Services Administration’s Federal Risk and Authorization Management program to facilitate the transition.
“I think that there's a lot of reciprocity to be had there because it's an investment that you've already made," Arrington said during a panel discussion at the CDM Summit. "The challenge is when we get certified you have to ensure for the CMMC, those POAMs, those plans of action are closed so that we can validate.”
Arrington cited the need for a “change of culture” in government acquisition to prevent theft of defense secrets by foreign adversaries. “It’s going to take time, it’s going to be painful, and it’s going to cost money,” she said at an event in October.
Arrington joined the Pentagon in January 2019. She previously served in the House as a representative for the state of South Carolina and held leadership roles at several companies, including Booz Allen Hamilton, Centuria and Dispersive Technologies.
Executive Mosaic congratulates Katie Arrington for her 2020 Wash100 Award selection.
About The Wash100
The Wash100 Award, now in its seventh year, recognizes the most influential executives in the GovCon industry as selected by the Executive Mosaic team in tandem with online nominations from the GovCon community. Representing the best of the private and public sector, the winners demonstrate superior leadership, innovation, reliability, achievement and vision.
Visit the Wash100 site to learn about the other 99 winners of the 2020 Wash100 Award. On the site, you can submit your 10 votes for the GovCon executives of consequence that you believe will have the most significant impact in 2020.