COVID-19 outbreak may delay audits for DOD's cyber certification


The coronavirus pandemic could alter the Defense Department's timeline for starting required cybersecurity audits.

Katie Arrington, the chief information security officer with the Office of the Undersecretary of Defense for Acquisition, said the first audits for the Cybersecurity Maturity Model Certification and pathfinder projects could be delayed up to a month due to the coronavirus pandemic.

"Is COVID-19 going to impact [CMMC]? Of course. It's impacting every aspect of our life," Arrington said during a Bloomberg Government webinar April 16. "But a two-week push on something is not going to have a massive impact on our rollout of this. We will figure out the new way we go about doing business."

Arrington suggested that auditors would wear masks and employ social distancing practices to complete their duties, and that company representatives present during the audit would "respect each other's personal space."

Arrington went on to say the pandemic wouldn't affect the schedule beyond a "two or three week slip on actually doing the first audit" for the pathfinders, but nothing "significant."

Arrington also said work on the requests for information was in progress and largely unbothered due to telework capabilities.

DOD released its first version of the unified cybersecurity standard in January, aiming to have the first pre-solicitations out by June and the requests for proposals out by October. Arrington previously said in March that the CMMC rollout would have to adapt to restrictions in place due to the global health crisis, largely by performing as many functions as possible virtually.

"The original intent of the training that we have was to have a good portion online. We have to use technology to our advantage," she said.

FCW sought comment from the CMMC Accrediting Body, an independent organization responsible for developing training for CMMC assessors. This story will be updated with any reply.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.
