Katie Arrington has closed her short-lived private CMMC consulting firm to take a position as VP of Government Affairs of Exiger. That company sells services and products that support CMMC.
Arrington was the architect of the Dept. of Defense’s controversial CMMC program, and the subject of multiple ethics probes and complaints related to that scheme. Arrington then routinely attacked critics and whistleblowers of the CMMC program from her LinkedIn account. Oxebridge filed a complaint against Arrington alleging abuse of official position.
The CMMC scheme was branded a “pay-to-play” scam after Arrington used her role as Chief Information Security Officer for the Office of the Undersecretary of Defense for Acquisition and Sustainment to mandate the formation of a non-profit “CMMC Accreditation Body.” The resulting body was then led by Arrington’s former boss and campaign donor, Ty Schieber, raising questions of cronyism and fraud.
Typically, the US government is prohibited from creating private companies without the passage of a law, especially when existing companies already provide the intended service. Arrington never got Congressional approval, much less a law, to allow the Cyber AB to be created.
Katie Arrington
Arrington’s defenders within the AB claimed the appointment of Schieber was because the Defense Industrial Base (DIB) is “a small world.” At the same time, however, Arrington and others were publicly claiming the DIB was comprised of between 100,000 to 500,000 companies, contradicting the “small world” claims.
Schieber then falsified the CAGE code application for the resulting accreditation body, now branded as “The Cyber AB,” by claiming it was a 501(c)(3) not-for-profit when it was not. When Arrington was notified of the CAGE code fraud, she refused to investigate Schieber and instead attacked whistleblowers on LinkedIn.
Scheiber was later ousted for having launched a scheme to solicit $500,000 per-person “Diamond” partnerships, promising special benefits to those that bought them. Arrington angrily defended Schieber during the scandal.
As early as 2019, Arrington was seen at public events claiming — falsely — that CMMC would become a contractual obligation as early as 2020. That never came to pass, and CMMC is not expected to appear in government contracts until 2026. That date assumes the scheme is not scuttled entirely by Congress. Oxebridge claims both the program itself, and the Cyber AB, are illegal.
The contract crafted by Arrington’s office with The Cyber AB would give ISO 17011 oversight of the AB to the Inter-Americas Accreditation Cooperation, a Mexican body. Congress is unlikely to permit a DoD cybersecurity defense scheme to be overseen by Mexico.
Ironically, Arrington had used her government position to publicly chastise CMMC professionals who had not purchased credentials from the Cyber AB. Now, Arrington faces some questions about such accusations since she, herself, does not hold any of the AB credentials she once demanded others buy.
Arrington was sidelined by DoD officials, who claimed she had leaked classified information to an unnamed vendor. Arrington was stripped of her security clearances and CMMC duties, effectively giving her nothing to do, and eventually resigned in February of 2022. She is currently suing the DoD over the claims she leaked information, but the lawsuit appears stalled.
Upon her resignation, Arrington posted on LinkedIn that she had “failed” the defense industry.
Arrington immediately announced she was heading a CMMC consulting firm, LD Innovations, giving the appearance that she was attempting to profit from the scheme she, herself, had invented. That company had been created by Arrington before her cybersecurity career, and which had since been dissolved. Oxebridge was unable to verify that LD Innovations was ever brought out of dissolution, suggesting Arrington had never restored the company’s business registration and was merely using the former company’s name.
Arrington was caught having plagiarized a 2022 “White Paper” on CMMC, with entire sections taken from an article originally written by Summit7’s Jason Sproesser, but without attribution.
Arrington ran in a primary for a South Carolina Congressional seat but lost to Nancy Mace in 2022.
Arrington is slated to appear alongside attorney Robert Metzger at a coming CMMC event in February and sponsored by Exiger’s competitor, PreVeil. It is not clear if Exiger will now allow her to appear.
