CMMC Champion Arrington Heads Back to Pentagon as New CISO
After a hiatus, Katie Arrington returns to the Defense Department, promising to enforce cybersecurity rules and defend CMMC against critics.
Former defense cybersecurity official Katie Arrington returns to the Pentagon as department CISO, she announced in a LinkedIn post Tuesday night.
Arrington previously served as the CISO for Acquisition and Sustainment from 2019 to 2022, where she played a pivotal role in the development of the Cybersecurity Maturity Model Certification (CMMC) program. After she left the Pentagon in 2022, she ran an unsuccessful bid for Congress and later joined Exiger as vice president of Government Affairs.
As CISO for Acquisition and Sustainment, Arrington stewarded CMMC. She was one of the CMMC architects during the pandemic lockdowns and its aftermath.
“World War II changed the way we build things,” Arrington said in May 2020. “9/11 changed the way we moved. COVID has changed the way we interact with one another … cyber has allowed us to [flourish] in the past seven or eight weeks.”
Arrington, whose first stint at DOD began during President Donald Trump’s first term, continues to defend CMMC against industry criticism. In a video posted to LinkedIn earlier this month, she defended Pentagon staff working on the regulations amid the presidential transition, complimenting Stacy Bostjanick, Randy Resnick, David McKeown and others. She added that she was “fighting an uphill battle about CMMC” when she was CISO for Acquisition and Sustainment.
In a video posted to LinkedIn in January, Arrington said that the defense industrial base needs CMMC to strengthen its cybersecurity posture and defended CMMC’s rules.
“The auditing capability is needed and necessary, because we can’t trust self-attestation we’ve lost,” Arrington said. “That’s why we’re losing over $180 million a day in the defense industrial base.”
Arrington also said that CMMC is not among the targets of the White House’s executive order to eliminate excessive regulations, adding that the Trump administration is dedicated to cybersecurity.
“He is serious about cybersecurity. Always has been. Don’t pay attention to the people that have been hating on the CMMC for years,” she said in the January LinkedIn video. “We have a very poor national security posture within the industrial base that needs to be cleaned up.”
Before her resignation in 2022, DOD placed Arrington on administrative leave in 2021 because of allegations of disclosing classified information. In her resignation letter, she claimed that her suspension was “politically influenced” and maintained her innocence.