The Pentagon is eliminating the position of CISO for the Under Secretary of Defense for Acquisition and Sustainment – previously held by Katie Arrington – and reassigning responsibility for the CMMC program to fall under Defense Department CIO John Sherman. Six civilians from Acquisition and Sustainment, including CMMC Director Stacy Bostjanick, will move over to the CIO’s office, where they will be overseen by Deputy CIO for Cybersecurity David McKeown. The Supply Chain Risk Management program is also being relocated to the CIO’s office.
Arrington had been with the CMMC program since it was begun, and held the CISO position after it was created in 2019. She was suspended and her security clearance revoked in May 2021, for allegedly disclosing classified information; she sued the department, challenging the move.
Sources:
