CMMC Champion Arrington Heads Back to Pentagon as New CISO
After a hiatus, Katie Arrington returns to the Defense Department, promising to enforce cybersecurity rules and defend CMMC against critics.

Former defense cybersecurity official Katie Arrington returns to the Pentagon as department CISO, she announced in a LinkedIn post Tuesday night.
Arrington previously served as the CISO for Acquisition and Sustainment from 2019 to 2022, where she played a pivotal role in the development of the Cybersecurity Maturity Model Certification (CMMC) program. After she left the Pentagon in 2022, she ran an unsuccessful bid for Congress and later joined Exiger as vice president of Government Affairs.
As CISO for Acquisition and Sustainment, Arrington stewarded CMMC. She was one of the CMMC architects during the pandemic lockdowns and their aftermath.
“World War II changed the way we build things,” Arrington said in May 2020. “9/11 changed the way we moved. COVID has changed the way we interact with one another … cyber has allowed us to [flourish] in the past seven or eight weeks.”
Arrington, whose first time at DOD began during President Donald Trump’s first term, continues to defend CMMC against industry criticism. In a video posted to LinkedIn earlier this month, she defended Pentagon staff working on the regulations amid the presidential transition, complimenting Stacy Bostjanick, Randy Resnick, David McKeown and others. She added that she was “fighting an uphill battle about CMMC” when she was CISO for Acquisition and Sustainment.
In a video posted to LinkedIn in January, Arrington said that the defense industrial base needs CMMC to strengthen its cybersecurity posture and defended CMMC’s rules.
“The auditing capability is needed and necessary, because we can’t trust self-attestation we’ve lost,” Arrington said. “That’s why we’re losing over $180 million a day in the defense industrial base.”
Arrington also said that CMMC is not among the targets of the White House’s executive order to eliminate excessive regulations, adding that the Trump administration is dedicated to cybersecurity.
“He is serious about cybersecurity. Always has been. Don’t pay attention to the people that have been hating on the CMMC for years,” she said in the January LinkedIn video. “We have a very poor national security posture within the industrial base that needs to be cleaned up.”
Before her resignation in 2022, DOD placed Arrington on administrative leave in 2021 because of allegations of disclosing classified information. In her resignation letter, she claimed that her suspension was “politically influenced” and maintained her innocence.