top of page

From Reciprocity Memos on DoD's Cybersecurity Certification Program are Ready

Updated: Mar 3

Article highlights:

  • The DoD and the CMMCAB have agreed on terms for accommodating companies that have already been audited for cybersecurity.

  • Defense officials sought to assure contractors that CMMC auditors would consider FedRAMP certifications,

  • “I'm going to take any ISO 27001 and provide reciprocity,” said Katie Arrington, the chief information security officer for Defense acquisitions, referring to the foundational international information security standard. “We're giving reciprocity for the DIBCAC assessments that have already been done. And we're giving reciprocity when it comes to FedRAMP."


bottom of page