Arrington: Establishing FedRAMP reciprocity for CMMC intended to help small businesses

Defense Department acquisition CISO Katie Arrington says her office is working to establish reciprocity with other government standards such as the General Services Administration’s FedRAMP, in an effort to help companies reach compliance with the Cybersecurity Maturity Model Certification program more quickly while still maintaining necessary security requirements.

Arrington, speaking Thursday at the Amazon Web Services Public Sector Summit, said the intent is to establish “non-duplication” for DOD’s CMMC program with “another federally funded or Department of Defense funded standard...