COVID-19 outbreak may delay audits for DOD's cyber certification
- By Lauren C. Williams
- Apr 17, 2020
The coronavirus pandemic could alter the Defense Department's timeline for starting required cybersecurity audits.
Katie Arrington, the chief information security officer with the Office of the Undersecretary of Defense for Acquisition, said the first audits for the Cybersecurity Maturity Model Certification and pathfinder projects could be delayed up to a month due to the coronavirus pandemic.
"Is COVID-19 going to impact [CMMC]? Of course. It's impacting every aspect of our life," Arrington said during a Bloomberg Government webinar April 16. "But a two-week push on something is not going to have a massive impact on our roll out of this. We will figure out the new way we go about doing business."
Arrington suggested that auditors would wear masks and employ social distancing practices to complete their duties, and that company representatives present during the audit would "respect each other's personal space."
Arrington went on to say the pandemic wouldn't affect the schedule beyond a "two or three week slip on actually doing the first audit" for the pathfinders, but nothing "significant."
Arrington also said work on the requests for information was in progress and largely unbothered due to telework capabilities.
DOD released its first version of the unified cybersecurity standard in January, aiming to have the first pre-solicitations out by June and the requests for proposals out by October. Arrington previously said in March that the CMMC roll out would have to adapt to restrictions in place due to the global health crisis, largely by performing as many functions as possible virtually.
"The original intent of the training that we have was to have a good portion online. We have to use technology to our advantage," she said.
Defense Systems sought comment from the CMMC Accrediting Body, an independent organization responsible for developing training for CMMC assessors. This story will be updated with any reply.
This article first appeared on FCW, a partner site with Defense Systems.
Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.
Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.
Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.
Click here for previous articles by Wiliams.