The Pentagon is officially moving responsibility for the Cybersecurity Maturity Model Certification program to the Defense Department chief information officer, while simultaneously disbanding the acquisition position that previously led the program.
The shift is laid out in a Feb. 2 memo signed by Deputy Defense Secretary Kathleen Hicks. The office of the under secretary for acquisition and sustainment has led CMMC since the program’s inception in 2019.
A team of six civilians from A&S, including CMMC Director Stacy Bostjanick, will move over to the CIO’s office, along with associated contract support, according to a statement from the Defense Department.
“I’d like to highlight the great work by A&S to establish the CMMC program,” John Sherman, DoD CIO, said in the statement. “As we realign responsibility for the program, it’s important to note that we will continue to work closely with A&S on this program.”
The A&S team will be aligned under David McKeown, the deputy CIO for cybersecurity, “to increase the program’s integration with other Defense Industrial Base Cybersecurity…
