The Latest on Compliance for DOD’s CMMC

Thu, 07/31/2025

Defense officials have urged contractors to prioritize compliance with the department’s CMMC 2.0 rule, released at the end of 2024.

Learn more about:

The phases for CMMC implementation.
Pentagon cyber chief Katie Arrington’s vision for CMMC’s future.
How IT modernization supports CMMC compliance.

Download the Deep Dive PDF

Featuring

Katie Arrington Performing the Duties of the CIO, DOD
Katie Arrington
- Performing the Duties of the CIO
- DOD
Katherine “Katie” Arrington is a member of the Senior Executive Serves and serves as the Chief Information Security Officer for Acquisition and Sustainment (CISO(A&S)) within the office of the Under Secretary of Defense for Acquisition and Sustainment (USD(A&S)). In this position, she serves as the central hub and integrator within the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) to align acquisition and sustainment cyber strategy and efforts to enhance cyber security within the Defense Industrial Base.

As the CISO(A&S), Ms. Arrington is responsible to ensure the incorporation of integrated security/cyber efforts within USD(A&S) with the purpose of providing a focused and streamlined governance approach, provide a central coordination point and common compliance standard that serves to synchronize the various existing disparate cyber security efforts and standards across the Department and Industry as it relates to Department of Defense acquisition and sustainment efforts.

Ms. Arrington is leading efforts that help ensure a secure Defense Supply Chain through the implementation of Trusted Capital vendors and Supply Chain Risk Management principles, enhance Defense Industrial Base security and resilience, and establish a common cyber security standard within Departmental acquisition efforts. She also synchronizes these efforts across the Department, other federal agencies, and works with legislators to ensure Departmental authorities and actions align and support the nation’s security goals.

Before assuming her position as CISO(A&S), Ms. Arrington has an extensive career as a legislator and senior cyber executive in private industry. Ms. Arrington was a 2018 candidate for the US House of Representatives for South Carolina and served for 2 terms as a South Carolina State Representative. She has extensive experience in cyber strategy, policy, enablement and implementation across a wide range of business sectors and governmental levels. She has over 15 years of cyber experience acquired through positions at Booz Allen Hamilton, Centuria Corporation, and Dispersive Networks. These positions have given her a unique experience of supporting and work with the government at large, small, and non-traditional contracting firms.

Ms. Arrington is married to Robert and resides in Summerville, South Carolina and is a proud parent of three children and grandparent to four grandbabies.
Stacy Bostjanick Chief Defense Industrial Base Cybersecurity, DOD
Stacy Bostjanick
- Chief Defense Industrial Base Cybersecurity
- DOD
Ms. Stacy Bostjanick is a member of the Senior Executive Service and serves as the Chief Defense Industrial Base Cybersecurity, Deputy Chief Information Officer for Cybersecurity (DCIO(CS)), Office of the Chief Information Officer. In this position, she serves as the focal point within the DoD CIO to implement the Cybersecurity Maturity Model Certification (CMMC) program across the Defense Industrial Base (DIB).

As the CMMC Director, Ms. Bostjanick is responsible for shepherding this critical program though the Code of Federal Regulation System rulemaking process for both the CFR 32 and 48 and ultimately implementing the program across the more than 220,000 companies that make up the DIB. This includes collaborating across the Federal Government with partners such as the Department of Homeland Security and the other members of the Federal Acquisition Security Council, to standardize this process and truly federalize it. In this role, she also directs the Department’s efforts to educate DIB partners on programatic requirements and ensures that DoD implements risk information sharing though the program’s execution. Additionally, Ms. Bostjanick is responsible for ensuring the Defense Acquisition community is trained and capable of including these requirements in their Programs and Acquisitions.

Prior to joining the CIO, Ms. Bostjanick served as the Director of SCRM for OCISO(A&S), where she was responsible for ensuring the incorporation of integrated supply chain efforts within USD(A&S). Ms. Bostjanick has an extensive career as an Acquisition Professional with roles that include the head of DIA’s Contracting Activity, and the Senior Contracting Officer for the Missile Defense Agency on the Standard Missile 3 Block IA and IB development and production program. She was responsible for cradle-to-grave execution of over $5 billion of highly-complex, cutting-edge contracts for our nation’s missile defense systems. Ms. Bostjanick has also served as the Deputy Procurement Executive with the Office of the Director of National Intelligence where she had responsibility for establishing Intelligence Community Enterprise-wide Policy and submissions to the Program Management Plan on an annual basis.

Ms. Bostjanick has had numerous awards and accomplishments throughout her career including the Naval Meritorious Civilian Service Award, David Packard Excellence in Acquisition Award, Office of the Secretary of Defense Certificate of Appreciation, the Director of National Intelligence Award for Collaboration Leadership, National Intelligence Meritorious Citation, and the Small Business Award.
Aaron Kinworthy VP Public Sector, NinjaOne
Aaron Kinworthy
- VP Public Sector
- NinjaOne
Aaron Kinworthy is a seasoned technology executive with a track record of driving growth and innovation in the public sector over the last 20 years in the Washington DC area. As the newly appointed Vice President of Public Sector at NinjaOne, he brings extensive experience from leadership roles at both ServiceNow and Databricks, where he spearheaded initiatives to modernize government operations through data-driven solutions and cloud-based platforms and build hypergrowth sales teams. At ServiceNow, Aaron played a pivotal role in expanding the company’s federal footprint, helping agencies streamline workflows and enhance service delivery. Previously, at Databricks, he led federal sales efforts, empowering government organizations with advanced analytics and AI-driven insights to improve mission outcomes. With a deep understanding of the intersection between technology and public service, Aaron is committed to advancing digital transformation initiatives that drive efficiency, security, and innovation across federal, state, and local agencies. He’s also has a masters in dad jokes and plays a mean pickleball game, ready to take on opponents anytime, anywhere.