Katie Arrington, the Department of Defense’s CISO for acquisition, says she is concerned that DoD will not have enough available assessors for in-person audits as it implements the Cybersecurity Maturity Model Certification program. “My biggest concern on the rollout…is making sure that I have enough assessors in the geographical area for the assessments as we roll these pilot programs out,” Arrington remarked during a keynote presentation at the virtual CyberSheath’s virtual CMMC conference. Some audits must be conducted on-site, which will involve travel and in-person contact with proper health precautions and social distancing. The CMMC Accreditation Board began training assessors last summer, but so far only a few of the estimated 2,000 required auditors are ready.
