Latest news with #KatieArrington


Forbes
07-07-2025
- Business
- Forbes
CMMC Compliance: The Costs, Risks And Race To Certification
Cybersecurity Maturity Model Certification compliance will soon be a prerequisite for the U.S. Department of Defense supply chain.

For companies in the defense industrial base, Cybersecurity Maturity Model Certification will soon be a prerequisite for doing business. And as CMMC compliance rollout deadlines loom, the Department of Defense isn't mincing words.

'CMMC started under Trump 1,' said Katie Arrington, performing the duties of the DoD Chief Information Officer and a key architect of the program. 'It will finish and be implemented under Trump 2.' She made these comments in a keynote at the AFCEA International TechNet Cyber convention in May.

With CMMC requirements already appearing in contract language and full enforcement expected by 2028, the urgency is real. Contractors who aren't ready may lose their ability to compete for new work, replaced by competitors who moved faster and budgeted smarter.

CMMC 2.0 Offers Flexibility – But CMMC Compliance Still Requires Effort

In contrast with the originally proposed CMMC, the new structure simplifies the model from five tiers to three, allows companies to address compliance gaps gradually to provide more flexibility, and prioritizes the most critical cybersecurity practices by aligning with National Institute of Standards and Technology Special Publication (SP) 800-171.

Despite the additional flexibility of CMMC 2.0, many small and mid-sized businesses still underestimate the rigor, reach, and effort required for compliance.

Cybersecurity risk and compliance company CyberRx hosted a webinar on June 26th that emphasized the costs and consequences of CMMC compliance, as well as of noncompliance. 'CMMC compliance is going to be a baseline requirement,' said Ola Sage, CEO of CyberRx. 'The next step is to combine direct and indirect cost projections into your IT and security budgets.'
DoD's total estimate for achieving Level 2 compliance is over $100,000, though Sage clarified that this doesn't necessarily reflect what Certified Third Party Assessor Organizations are charging, and costs vary depending on scope and complexity. She also encouraged firms to look for state and other grant and cost-sharing programs.

Greg Smith of CyberRx added a stark warning: 'The competitors that are certified will win more business. The longer one waits, the more expensive it will be to implement, and the longer waits there will be to get help from a C3PAO.'

CMMC Noncompliance Creates Real Consequences

The financial costs of CMMC are clear, but so are the consequences of noncompliance. Israel Brigs, another panelist, outlined what's at stake: loss of contract eligibility, revenue, and prime contractor status.

There are also legal risks. 'There have already been three cases under the False Claims Act,' Smith said, pointing to instances where firms prematurely and therefore falsely claimed to be compliant.

Cyber insurers are paying attention, too. Any security lapse tied to noncompliance could spike premiums, or void coverage entirely. 'In the worst case,' said Brigs, 'coverage can even be denied, requiring you to self-insure.'

Even reputational damage is on the table. Contractors that lag in certification signal a lack of commitment to cybersecurity, a signal not just for the Pentagon, but also for potential commercial clients and investors, not to mention foreign adversaries.

Start CMMC Compliance Now – Or Risk Missing The Window

Getting certified isn't as simple as submitting a form. The pool of C3PAOs is small relative to the demand, and there's already a six- to nine-month backlog in some cases.

'Yesterday!' said Sage, when asked how soon companies should engage a C3PAO. 'You don't have to be ready for an assessment to engage a C3PAO, but you do need to get on their schedule.'
She also urged companies to conduct a mock assessment, preferably with the same C3PAO they intend to use for their official review, 60 to 90 days in advance of the real assessment. That window gives organizations time to identify and correct deficiencies before it's too late.

A Cultural Shift Is Key to CMMC Compliance Success

In her TechNet Cyber 2025 keynote, Arrington warned of an often-overlooked threat: public skepticism. She referenced LinkedIn posts that downplay the feasibility or complain about the difficulty of compliance and suggested that foreign adversaries are taking note. Her message was clear: airing frustrations online can broadcast weakness.

She didn't hold back on responsibility either: 'If you didn't build it into your rate, shame on you.'

CMMC compliance is a strategic investment that will change the security of your business, not a technical hurdle or simple procurement requirement. And like many investments, the longer you wait, the higher the expenditure in both direct and opportunity costs.

CMMC Compliance Provides a Competitive Edge

As Forbes cybersecurity contributor and serial tech CEO Emil Sayegh noted, 'CMMC 2.0 is more than a regulatory requirement; it's a blueprint for cybersecurity resilience across the defense supply chain.'

Contractors who embrace that mindset of CMMC compliance – and act on it – will gain a competitive edge. Those who don't may soon find themselves outpaced, outbid, and out of work.
Yahoo
25-06-2025
- Business
- Yahoo
Cyberstar Joins GSA Advantage Marketplace, Offering New Procurement Option for the Industry-Leading Cyber Workforce Platform and Optimizing for GSA OneGov Strategy and SWFT Initiative
WASHINGTON, June 25, 2025 /PRNewswire/ -- Zero-friction 8140 compliance & commercial off the shelf (COTS) cyber workforce solution now available through streamlined federal procurement supporting $110B GSA OneGov transformation and DoD software modernization.

Cyberstar, the industry-leading DoD cyber workforce platform, today announced its strategic addition to the GSA Advantage marketplace, positioning the company to support Fourth Estate agencies both GSA's groundbreaking OneGov strategy and Acting DoD CIO Katie Arrington's Software Fast Track (SWFT) initiative. This milestone creates streamlined procurement access for agencies under 10,000 users while supporting the most significant federal acquisition transformation in decades.

The GSA OneGov strategy, unveiled April 29, 2025, consolidates $110 billion in annual federal IT contracts under unified purchasing power, fundamentally reshaping how government acquires technology services. The SWFT initiative, launched just a month later on June 1, 2025, complements OneGov by replacing legacy software authorization processes with AI-driven automation. Together, these initiatives create demand for a new approach to cybersecurity workforce management that can support the DoD's rigorous security and procurement processes while promoting essential modern software capabilities and data-driven analysis.

Cyberstar's GSA Advantage listing enables agencies with under 10,000 users to access automated 8140 compliance solutions through pre-approved procurement channels while supporting OneGov's mandate for enhanced cybersecurity protections embedded directly in all federal contracts.

"The convergence of OneGov's enterprise-scale procurement transformation and Katie Arrington's SWFT initiative represents the future of federal technology acquisition," said Marling Engle, CEO at Cyberstar. "Our GSA Advantage availability ensures agencies can implement both the standardized cybersecurity workforce requirements OneGov demands and the continuous monitoring capabilities SWFT enables."

Cyberstar's proven capabilities directly support OneGov objectives through real-time qualification tracking across all DCWF, 8140, IA, NICE and custom work roles, plus automated certification validation and intelligent workforce analytics purpose-built for defense cyber teams. The platform's robust system integrations and FedRAMP authorization ensure immediate deployment capability supporting both military and civilian organizations and defense contractors. Current Cyberstar implementations have documented results including 90% reduction in manual compliance tasks and $1M+ annual savings through streamlined processes.

Through GSA Advantage, agencies can now access comprehensive workforce management capabilities without traditional procurement delays, while simultaneously supporting both OneGov standardization objectives and SWFT implementation requirements.

About Cyberstar: Built by cyber operators for cyber operators, Cyberstar modernizes federal workforce mission readiness through automated validation, real-time monitoring, and intelligent analytics to lend operational advantage. Formerly CyberSTAR by WillCo Tech, it is the industry-leading platform for defense cyber workforce modernization, incorporating DCWF and 8140 workforce management to empower DoD teams so they can focus on cyber defense without getting bogged down in paperwork.

Media Contact: Lily Hunter, Chief Marketing Officer, marketing@

SOURCE Cyberstar
Yahoo
22-05-2025
- Business
- Yahoo
Knox Systems Backs DoD's SWFT Push to Fast-Track Secure Software
WASHINGTON and NEW YORK, May 22, 2025 /PRNewswire/ -- Knox Systems, the company behind the largest and longest-running FedRAMP and DISA-authorized SaaS cloud in the federal market, is proud to support the Department of Defense's Software Fast Track (SWFT) initiative—an effort to transform how software is assessed, authorized, and deployed across defense missions.

As one of the first participants, Knox submitted responses to all three SWFT RFIs—Tools, External Assessment Methodologies, and Automation & AI—outlining how its AI-native platform, KnoxAI, delivers real-time, mission-aware risk assessments and automates compliance at scale.

KnoxAI is already operational and supports secure cloud environments for agencies including the U.S. Marine Corps, DCSA, and NRO, helping deliver faster, more rigorous paths to Authorization to Operate (ATO). It ingests SBOMs and telemetry, contextualizes vulnerabilities, and autogenerates POA&Ms and NIST-800 documentation—all at scale, with thousands of scans run.

"The future of ATO is autonomous, continuous, and contextual," said Irina Denisenko, CEO of Knox Systems. "SWFT is a turning point for how we manage software risk in government. We're proud to contribute our experience and technology to help accelerate secure software to the mission edge."

The launch of SWFT follows growing recognition that traditional authorization processes are too slow and brittle for today's software-driven landscape. At AFCEA and in recent public remarks, DoD CISO Katie Arrington emphasized that the goal of SWFT is to "remove the unnecessary bureaucracy and create a more streamlined, efficient way to do cybersecurity," enabling faster, safer deployment of commercial technology.

Knox's contributions to SWFT reflect a decade-long track record of enabling secure government software—from powering Adobe's federal cloud to pioneering AI-native risk assessment for the DoD.
For media inquiries: press@

SOURCE Knox Systems, Inc