Katie Arrington, the former DoD CISO and architect of the CMMC program, published a “White Paper” that, according to the grammar-checking app Grammarly, was 30% plagiarized.

The publication “White Paper on the Cost of Cybersecurity Maturity Model Certification” lists Arrington as the sole author. However, Oxebridge did confirm that an entire page of the 6-page document was copied and pasted from a Summit7 article on CMMC. That article was titled “Cyber AB Town Hall Key Takeaways: Introducing the CAICO & other CMMC program updates.

Arrington then promoted the document on LinkedIn, referring to it as “an informative white paper on the cost of implementation of CMMC.”

The Summit7 article was dated October 3rd, and Arrington published her article on October 12. Sproesser is not named as the source of the text, and no attribution to Summit7 is given in the paper.

Text taken from Arrington’s article (left) compared to the earlier source work from Summit7 (right). Click to enlarge.

The paper shows that Arrington has not moved on from trying to influence CMMC, despite having had her Federal security clearance suspended, and resigning. Arrington then ran for US Congress and lost. Arrington’s LinkedIn profile does not show that she has obtained any private-sector employment since that time.

According to Oxford University, “plagiarism” is defined as “presenting someone else’s work or ideas as your own, with or without their consent, by incorporating it into your work without full acknowledgment.” While it is likely that Summit7 and Sproesser would not object to Arrington having used their material, the fact that Arrington falsely implied she had written it, and not given credit to the actual authors, would constitute plagiarism. Within academic circles, permission by the author does not negate the lack of attribution.


ISO Benchmark