Katie Arrington, a 2020 Wash100 Award winner and chief information security officer for defense acquisition, said she expects the Pentagon’s new cybersecurity vetting program to certify 7,500 companies by 2021, National Defense Magazine reported Thursday.
Arrington told attendees at a Celerium-hosted webinar that the Department of Defense (DoD) plans to release requests for proposals that include Cybersecurity Maturity Model Certification (CMMC) version 1 requirements following the implementation of amendments in the Defense Federal Acquisition Regulation Supplement (DFARS).
She noted that she anticipates these solicitations to be released in September or October 2020.
“I think that five years from now, it's part of a national standard, it's part of how we do business,” added Arington.
The CMMC program requires potential contractors to undergo cybersecurity assessments by DoD-certified independent auditors. The program’s framework is comprised of five levels, with Level 5 having the strictest requirements.