DOD names chair for cyber certification program

cybersecurity (vs148/ 

The Defense Department has named a chair to lead its impending cybersecurity certification program.

Ty Schieber, the senior director for executive education at the University of Virginia’s Darden School Foundation, will head a 13-member governing body for the organization charged with certifying auditors for DOD’s upcoming unified cybersecurity standard, the Cybersecurity Maturity Model Certification.

Inside Defense first reported the news.

Members of the governing body will come from the defense industrial base, the cybersecurity community and academia. Selection is underway, DOD spokesman Lt. Col. Mike Andrews told FCW.

The selection process is expected to wrap by the end of January. DOD is also on track to finish and release the final version of the CMMC plan.

"The plan is for the initial subset of contracts with the CMMC requirement to be identified in Requests for Information in the June 2020 time frame, with the corresponding Requests for Proposals released in the September 2020 time frame," Andrews said.

"The CMMC certificate will be required at the time of contract award," he said.

The CMMC model has garnered praise from senior defense officials, such as Navy CIO Andrew Weis, for having the "right perspective" and criticized by industry, namely small-business advocates, regarding its cost. But DOD is intent on creating a cyber-validation standard that doesn’t rely on a company’s self-assessment.

Defense acquisition head Ellen Lord previously said there were concerns about supply chain vulnerabilities six to seven levels down from prime contractors and that DOD is working on ways to minimize costs for small businesses. Part of that plan is having primes and trade associations take on a mentor role for smaller companies to usher them through the certification process.

Katie Arrington, chief information security officer in DOD's acquisition office, also said that while CMMC will be required for defense contracts, there’s discussion of developing a reciprocity arrangement with other cyber certifications, such as the Federal Risk and Authorization Management Program.

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    OPM nominee plans focus on telework, IT, retirement

    Kiran Ahuja, a veteran of the Office of Personnel Management, told lawmakers that she thinks that the lack of consistent leadership in the top position at OPM has taken a toll on the ability of the agency to complete longer term IT modernization projects.

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

Stay Connected