Katie Arrington, who led the initial development of the Cybersecurity Maturity Model Certification program, is returning to the Pentagon as the Defense Department’s chief information security officer.
Arrington announced her appointment as DoD CISO in a Feb. 18 LinkedIn post. Her return to the Pentagon comes as DoD officials prepare to begin rolling out CMMC requirements this year.
Court documents show Arrington’s attorneys are also working on a settlement with the government related to the suspension of her security clearance nearly four years ago.
Arrington joined the Pentagon as a highly qualified expert in 2019. She subsequently transitioned into the senior executive service and served as CISO for the Pentagon’s acquisition and sustainment directorate.
During her time at DoD, Arrington was the leading proponent of the CMMC program. She initially unveiled the plan for the contractor cybersecurity certification program at a May 2019 event. The program is shaped around third-party auditors verifying whether defense contractors are complying with cybersecurity requirements.
“We cannot afford not to do this,” Arrington said at a July 2019 event. “[The U.S. is] losing $600 billion a year to our adversaries in exfiltrations, data rights, R&D loss.”
Arrington served in the CISO role at DoD’s acquisition directorate until May 2021, when the National Security Agency suspended her clearance. DoD subsequently placed her on paid administrative leave.
The government alleged Arrington had improperly disclosed top-secret information to a defense contractor. But Arrington filed a lawsuit against the government, claiming that she was not given details about the alleged unauthorized disclosure needed to defend herself.
Arrington reached a legal settlement with the government in early 2022, allowing her to obtain more information related to the revocation of her security clearance.
She has since filed a separate civil action to obtain documentation from Pentagon agencies related to her alleged security violations. A joint status report filed on Feb. 4 shows Arrington and the government “intend to engage in settlement discussions to hopefully resolve this matter without the need for further litigation.”
Arrington is being represented by Mark Zaid, a national security lawyer who is reportedly being targeted by President Donald Trump to have his security clearance revoked.
Zaid did not immediately respond to an email seeking more information about Arrington’s case. As DoD CISO, Arrington would require access to classified information.
Meanwhile, after leaving the Pentagon in early 2022, Arrington launched a bid for the House of Representatives Seat from South Carolina’s 1st Congressional District. She was ultimately defeated by Rep. Nancy Mace (R-S.C.) in the Republican primary.
Arrington then launched a private consulting firm before joining supply chain security company Exiger as vice president of government affairs in January 2024.
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
