COVID-19 outbreak may delay audits for DOD's cyber certification

By Gorodenkoff Shutterstock ID 771480586 

Optional caption goes here. Optional caption goes here. Optional caption goes here. Optional caption goes here.

The coronavirus pandemic could alter the Defense Department's timeline for starting required cybersecurity audits.

Katie Arrington, the chief information security officer with the Office of the Undersecretary of Defense for Acquisition, said the first audits for the Cybersecurity Maturity Model Certification and pathfinder projects could be delayed up to a month due to the coronavirus pandemic.

" Is COVID-19 going to impact [CMMC]? Of course. It's impacting every aspect of our life," Arrington said during a Bloomberg Government webinar April 16. "But a two-week push on something is not going to have a massive impact on our roll out of this. We will figure out the new way we go about doing business."

Arrington suggested that auditors would wear masks and employ social distancing practices to complete their duties, and that company representatives present during the audit would "respect each other's personal space."

Arrington went on to say the pandemic wouldn't affect the schedule beyond a "two or three week slip on actually doing the first audit" for the pathfinders, but nothing "significant."

Arrington also said work on the requests for information was in progress and largely unbothered due to telework capabilities.

DOD released its first version of the unified cybersecurity standard in January, aiming to have the first pre-solicitations out by June and the requests for proposals out by October. Arrington previously said in March that the CMMC roll out would have to adapt to restrictions in place due to the global health crisis, largely by performing as many functions as possible virtually.

"The original intent of the training that we have was to have a good portion online. We have to use technology to our advantage," she said.

FCW sought comment from the CMMC Accrediting Body, an independent organization responsible for developing training for CMMC assessors. This story will be updated with any reply.,

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected