Oxebridge has filed a formal whistleblower reprisal complaint with the US Dept. of Defense against CISO Katie Arrington, who launched a number of defamatory attacks against the company’s founder, Christopher Paris.

Paris, who is protected under the DoD’s Defense Intelligence Community Whistleblower Protection (DUCWP) program for prior whistleblower reports, has filed multiple ethics complaints against Arrington. Oxebridge also filed a criminal complaint against her for misuse of office, specifically related to false statements made to induce private companies to buy products sold by the CMMC Accreditation Body.

Arrington is aware of the formal complaints filed against her, but nevertheless repeatedly targeted Paris for personal attacks on LinkedIn. Ironically, Arrington hired famed whistleblower protection attorney Mark S. Zaid, who now finds himself representing a client accused of whistleblower reprisals.

In one defamatory post, Arrington injected herself into a LinkedIn conversation between Paris and Mark Berman, a former CMMC-AB Board member, saying Paris “is obviously insane.” The statement was not couched as an opinion, but stated as a fact.

Berman was ousted from the CMMC-AB after he worked alongside former Board Chair Ty Schieber to launch a controversial “Diamond” membership program in which he solicited $500,000 per person payments, creating the appearance of a pay-t0-play Ponzi scheme. Paris’ reporting on the subject was picked up by the Washington Post, and both Berman and Scheiber were removed a few days later. Arrington has repeatedly defended the men, and refused to denounce the Diamond program. Schieber previously worked with Arrington as her superior at Dispersive Technologies, and was a campaign donor to her failed Congressional run in South Carolina.

Paris emerged as a critic of Arrington, after she repeatedly claimed companies were required to pursue CMMC certification as early as 2020. In a public YouTube video published in March of 2020, she is heard telling companies to pursue certification or they would lose the ability to bid on contracts in January of 2021:

I’m going to start putting [CMMC] in [DoD] RFPs in the fall of 2020…If you’re currently doing business today and you think to yourself, “this contract is going to come up in a year I’m going to go to re-bid,” pre-position yourself to know the CMMC will be there. Now, there are no companies accredited right now, but does that mean you shouldn’t be getting ready? Absolutely not. GET READY!

In an article about the event, Arrington is quoted as saying:

[Companies] will need to be CMMC certified by September 2020 in order to bid on new DoD contracts…. you should be preparing now for your first audit.

None of what she predicted ever came true, and Oxebridge has argued since October of 2020 that the statements were untrue at that time.

The DoD recently announced “CMMC 2.0” which dismantles nearly all of the CMMC program as designed by Arrington, while adopting some of the corrections suggested by Oxebridge to reduce costs, improve trust, and remove conflicts of interest.

Nevertheless, as recently as last week Arrington was still attempting to sell on behalf of the CMMC-AB. On LinkedIn, Arrington made a new false claim that companies should “pursue a CMMC AB NIST 800-171 audit,” and that “the CMMC-AB… can provide a third-party audit of a companies [sic] compliance to the standards.” In fact, the CMMC-AB does not perform any third-party audits of defense companies, and is only tasked with accrediting certification bodies. The CMMC-AB has never claimed to offer any NIST 800 audits at all.

It is illegal for a government employee to use their official position to drive business to buy services of any preferred entity. The issue is worsened if the claims are blatantly false.

It was Paris’ questioning of Arrington on this subject that appears to have triggered her latest outburst. However, Arrington never answered the questions put to her, nor provided an explanation of why she was telling companies to pay the CMMC-AB for audits that they cannot perform.

In a prior post, Arrington invoked “Jesus Christ” and promoted a Paris opinion piece that discussed the multiple ethics and criminal complaints filed against her.

Arrington is suing the Federal government over their decision to suspend her security clearance and put her on paid leave, as they investigate a claim she leaked “Top Secret” classified information.

Along with the DICWP reprisal complaint, Oxebridge will update its criminal complaint, adding the recent post regarding CMMC-AB “audits.”

To date, multiple subjects of Oxebridge’s ethics filings have been removed from their positions in the CMMC scheme, including Ty Schieber, Mark Berman, Regan Edens, and Ben Tchoubineh.


ISO 17000 Series Consulting

Why we report on these topics

Since 2000, Oxebridge has worked to improve ISO and related certification schemes by identifying problems and then proposing solutions. We report on issues affecting standards users because so few other news outlets do. Our belief is that in order to fix the problems in these schemes, we must first understand the nature and breadth of those problems. Our reporting aims to do just that. Elsewhere on the Oxebridge site you will find White Papers and other articles proposing ideas to correct these problems.

1 Comment

Leave a reply


Available Tools

Oxebridge SWAG