CMMC's Arrington sues DOD to clear her name

Chief Information Security Officer for Acquisitions Katie Arrington discusses the Cybersecurity Maturity Model Certification with the Norwegian National Defense and Security Industries Association, the Pentagon, Washington, D.C., Jan. 13, 2021. (DoD photo by Air Force Staff Sgt. Brittany A. Chase) 

Katie Arrington briefs a Norwegian defense industry association via video conference on the CMMC program in January, 2021. (DOD photo by USAF Staff Sgt. Brittany A. Chase)

Katie Arrington, who spearheaded the Cybersecurity Maturity Model Certification program at the Department of Defense, filed a lawsuit on Tuesday to spur the Pentagon into resolving her languishing personnel case.

Arrington's security clearance was suspended on May 11 according to the lawsuit, which was filed in the U.S. District Court for the District of Columbia. One day after the clearance suspension, Arrington was placed into paid, non-duty status.

According to the complaint, the memorandum suspending Arrington's clearance stated that the action "is being taken as a result of a reported unauthorized disclosure of classified information and subsequent removal of access" by the National Security Agency.

Since then, Arrington has been unable to fulfill her duties as chief information security officer for acquisition and sustainment. Most prominent among these duties is the management of the CMMC program, which is designed to compel compliance with a strict cybersecurity regime among defense contractors. The program has proved controversial, especially among small businesses, because of concerns about costs.

The lawsuit alleges that the move to sideline Arrington "was designed to interfere" with the running of CMMC, "which NSA did not support."

Additionally, Arrington's political background as an elected Republican state representative in South Carolina and as a 2018 candidate for Congress endorsed by then-President Donald Trump is not winning her friends in the Pentagon, according to the lawsuit. The lawsuit alleges that "certain high-ranking DOD officials" are "using the NSA's decision as a pretext to remove her."

The lawsuit also points to "unknown individuals within DOD [who] have improperly, and possibly illegally, leaked privacy protected information concerning [Arrington] to unauthorized third parties for the purpose of further causing harm." This information, much of which has been shared on LinkedIn, a hotbed of CMMC commentary, includes what the complaint characterizes as "completely false and defamatory" information, including assertions that Arrington had been fired by DOD or that her clearance had been revoked.

After five months of non-duty status, Arrington is seeking some answers. "It is rare that an individual holding a Senior Executive Service position … would be left dangling in this way," the complaint states, adding that defense officials "are purposefully delaying or failing to take action in this matter in order to compel [Arrington] to resign."

Arrington is asking for DOD to complete any personnel actions currently in progress as well as the chance to address any charges against her. The lawsuit also seeks a "name-clearing hearing" and an order to DOD to share information about the ongoing personnel actions with Arrington's lawyers.

"If DOD takes any formal action against her clearance, Arrington would be entitled to the equivalent of a 'name clearing hearing,'" Arrington's lawyer Mark S. Zaid explained in an email exchange with FCW. "But this claim allows us to push harder for that to happen. It is a very novel approach we take on occasion when someone's reputation is at issue."

The CMMC program itself is currently on pause amid an internal DOD review. Defense officials have been urging contractors to continue preparing for the program's implementation while the review is ongoing. 

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected