Defense

With new statement of work, DOD recommits to its CMMC accreditation body

The document — in the form of a statement of work (SOW) that will replace the initial memorandum of understanding between the Pentagon and the CMMC Accreditation Body — comes after months of at times contentious negotiations.

By Jackson Barnett

October 28, 2020

Katie Arrington, with Kevin Fahey, speaks during a press briefing at the Pentagon, Washington, D.C., Jan. 31, 2020. (DOD / Navy Petty Officer 2nd Class James K. Lee)

The Department of Defense reaffirmed its commitment to work with a volunteer, third-party accreditation body to implement its new cybersecurity standards.

The DOD included a statement of work (SOW) in a no-cost contract issued to the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB), officials said. Negotiations over the contents of the SOW have been going on since the summer. It replaces the initial memorandum of understanding outlining the relationship between the two.

The contents of the SOW had been fiercely debated between the two bodies, most acutely over authority and responsibilities over the CMMC standards. The document is in the “final stages of signature,” according to a DOD spokeswoman. So far, no contract information has been posted to beta.sam.gov.

Katie Arrington, the lead CMMC official in the DOD and chief information security officer for acquisition and sustainment, also re-affirmed support for the AB, calling its efforts “tremendous.” CMMC is the DOD’s new set of tiered cybersecurity standards that will apply to all contractors and be subject to verification by certified assessors. Those assessors will be trained and accredited by the AB.

“We have absolutely never varied from being fully supportive of the AB,” Arrington said.

Arrington vowed to “make transparent” the SOW once it is fully executed.

Arrington also denied that she or her office is looking for another accreditation body to replace or compete with the AB accrediting and certifying assessors. Rumors had been circulating that she had met with another accreditation organization, A2LA. Arrington said she met with officials from the A2LA for “10 minutes.”

“We are not interested in issuing another statement of work,” she said.

A2LA did not comment when contacted by FedScoop.

Sources familiar with the negotiations over the SOW have described much more contentious conversations between Arrington and the AB. At times the officials have threatened to drop the current AB, documents reviewed by FedScoop show.

With new statement of work, DOD recommits to its CMMC accreditation body

More Like This

MPEs gain momentum for sharing information with allied partners

State Department officials say they’re trying to set the tone globally on AI usage, as lawmakers question if it’s enough

Oracle approved to handle government secret-level data

Top Stories

Scientists must be empowered — not replaced — by AI, report to White House argues

White House hopeful ‘more maturity’ of data collection will improve AI inventories

404 page: the error sites of federal agencies

Generative AI could raise questions for federal records laws

Cybersecurity executive order requirements are nearly complete, GAO says

GSA administrator: Generative AI tools will be ‘a giant help’ for government services

State Department encouraging workers to use ChatGPT

More Scoops

New rule could impose CMMC-like cyber requirements for civilian agency contractors

Cyber AB launches voluntary CMMC assessment program for defense contractors

OMB guidance presents chance to standardize software bill of materials

DOD exploring requirements for managed service providers under CMMC

DOD not meeting same standards it plans to hold contractors to under CMMC

Pentagon updates timeline for CMMC cybersecurity initiative

Katie Arrington files FOIA lawsuit in bid to obtain records relating to security clearance suspension

Latest Podcasts

With new statement of work, DOD recommits to its CMMC accreditation body

Leveraging modern access management to achieve zero trust

The role of the federal chief AI officer

Los Angeles CIO discusses how AI and cloud technologies transform urban public services

Tech

Defense

Cyber

Acquisition