
The Defense Department and the CMMC Accreditation Body have agreed on terms for accommodating companies that have already been audited for cybersecurity – such as through the GSA’s Federal Risk and Authorization Management Program – and related memos are reportedly set to be signed. Katie Arrington, CISO for Defense acquisitions, said CMMC will officially provide reciprocity for FedRAMP audits, as well as those conducted by the Defense Industrial Base Cybersecurity Assessment Center since the summer of 2019, and those by the International Organization for Standardization. “I’m going to take any ISO 27001 and provide reciprocity,” Arrington said, referring to the foundational international information security standard.
