Speaking at the Billington Cybersecurity conference last week, Katie Arrington, the Defense Departments’ chief information security officer for acquisition, said DoD has not yet figured out how vendors will be able to save money under the Cybersecurity Maturity Model Certification by leveraging other government cybersecurity certification programs. Those cost savings have been one of the key selling points of the program. Arrington has previously said companies should get some credit for investments they’ve already made in programs like the Federal Risk and Authorization Management, but indicated that it and other programs aren’t fully equivalent to CMMC and may require additional investments.
Cybersecurity, Privacy, & AI
Trending Now
Agriculture Department Kicks Off $300M Palantir Deal on IT, National Security Work • Vercel Attack Fallout Expands to More Customers and Third-Party Systems • Seeing the Cyber in Economic Statecraft • Responding to a Data Breach: How to Preserve the Attorney-Client Privilege • NIST Cyber Center to Launch OT ‘Visibility’ Project
CMMC Reciprocity Guidelines are Still a Work in Progress
DR MANAGERÂ | Shutterstock
Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.