Katie Arrington, CISO at the DoD office for acquisition and sustainment, said the Pentagon will begin rolling out the Cybersecurity Maturity Model Certification version 1.0 rules this year. The biggest challenge presented by COVID-19 includes figuring out how to conduct on-site audits of companies’ cybersecurity readiness, she noted. “We’re trying to figure out ways around that,” Arrington said, comparing it to the protocols for a home visit by “the cable guy.” Defense contractors should still expect to see new CMMC requirements in requests for proposals issued in November, Arrington added.
