Katie Arrington, chief information security officer in the Department of Defense acquisition office, has said that DoD is looking to require suppliers of prime contractors to meet the foundational requirements for its new certification program, Federal News Network reported Friday.
Arrington, a recipient of the 2020 Wash100 Award, told attendees at an AFCEA-hosted online forum that the Cybersecurity Maturity Model Certification can serve as a tool for mitigating cases of shell companies and foreign-owned entities across the defense supply chain.
“There is a challenge in our supply chain that you may not be aware of,” said Arrington.
“Our adversaries are buying up key suppliers for manufacturers and then cutting off the supply. We need to assure that they’re good companies that are getting into business with you.”
She noted that the current health crisis has shifted the department’s focus to the dependence of its supply chain on foreign companies.
The DoD expects thousands of contractors to achieve CMMC accreditation within five years, the report said.