As agencies across the Federal government adjust operations to accommodate COVID-19 coronavirus disruptions, the Department of Defense’s (DoD) CISO for Acquisition Katie Arrington assured stakeholders today that the pandemic is not disrupting the Cybersecurity Maturity Model Certification (CMMC) program.
Some trainings are being shifted online and the agency faced an initial pause in the face of the pandemic, but rollout of the program is still set to begin later this spring. Classes on CMMC will begin in late April or early May and the certification will start appearing in DoD Requests for Information in June 2020.
“We are continuing with rolling out the CMMC, we are not slowing down,” Arrington said at an April 1 CDM Workshop. “COVID-19 is a horrible event for the globe. But the sun will rise, and we have to continue to march forward. And gratefully and thankfully, the teams have been working virtually on this.”
Already, DoD has enlisted a non-profit organization to train and certify auditors for the CMMC accreditation body, and CMMC instructions for industry went live in January 2020, Arrington said.
“We’re doing our absolute best to stay on track because even though we are in horrible times, we have to have continuity of care and the mission is important,” she explained. If anything, Arrington added, the reliance on tech during the COVID-19 crisis has expressed to everyone “how imperative those practices are.”
“From where I sit right now, it’s important that we save lives first and foremost. Bottom line is you can replace anything but a human life,” Arrington asserted. “but understand that our adversaries at the same time will take advantage … so we need to be as aggressive as possible.”