Katie Arrington, special assistant to the assistant secretary of defense for acquisition for cyber, said the impending unified Cybersecurity Maturity Model Certification for contractors could allow for some FedRAMP reciprocity.
Arrington stressed that certification was a “go or no go” threshold, and that companies who implement only 80 percent of the NIST 171 requirements won’t make the cut. But if possible, FedRAMP reciprocity would mean contractors won’t completely lose out on their prior investment, she added.
Arrington argued that the new approach should allow contractors to command a higher price for their more-secure services. She also emphasized that CMMC will eventually be required for anyone who wants to do business with the Defense Department, regardless of their current contracts or relationships.