Photo of Kate GrowleyPhoto of Nkechi KanuPhoto of Christopher Hebdon

Fresh off the heels of the DFARS Interim Rule, the Department of Defense (DoD) released Assessment Guides for Levels 1 – 3 of the Cybersecurity Maturity Model Certification (CMMC). These Guides will be used by Certified Assessors to determine whether contractors have satisfied the practices and processes required to attain CMMC certifications at the level needed to be awarded future DoD contracts. These new assessment procedures, which DoD calls “authoritative,” are leveraged from NIST SP 800-171A, the NIST guidance used to assess compliance with NIST SP 800-171.

A notable inclusion in the Levels 2 – 3 Guide is the assessment criteria used to evaluate a contractor’s implementation of processes for each of the 17 CMMC Domains. Under the CMMC, the DoD has stated that contractors will not be certified at CMMC Levels 2 and above if the contractor has not satisfied both the technical practices and process maturity for the desired level.

These Guides will provide useful insights as contractors prepare for the DoD’s phased implementation of CMMC requirements into all DoD contracts over the next 5 years.

Tags: CMMC, Cybersecurity Maturity Model Certification
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kate Growley Kate Growley

Businesses around the globe rely on Kate M. Growley to navigate their most challenging digital issues, particularly those involving cybersecurity, artificial intelligence, digital infrastructure, and their intersection with national security. Clients seek her guidance on proactive compliance, incident response, internal and government-facing investigations…

Businesses around the globe rely on Kate M. Growley to navigate their most challenging digital issues, particularly those involving cybersecurity, artificial intelligence, digital infrastructure, and their intersection with national security. Clients seek her guidance on proactive compliance, incident response, internal and government-facing investigations, and policy engagement. With a unique combination of legal, policy, and consulting experience, Kate excels in translating complex technical topics into advice that is practical and informed by risk and business needs.

Kate has extensive experience working with members of the U.S. government contracting community, especially those within the Defense Industrial Base. She has partnered with contractors from every major sector, including technology, manufacturing, health care, and professional services. Kate is an IAPP AI Governance Professional (AIGP) and a Certified Information Privacy Professional for both the U.S. private and government sectors (CIPP/G and CIPP/US). She is also a Registered Practitioner with the U.S. Cybersecurity Maturity Model Certification (CMMC) Cyber Accreditation Body (AB).

Having lived in Greater China for several years, Kate also brings an uncommon understanding of digital and national security requirements from across the Asia Pacific region. She has notable experience with the regulatory environments of Australia, Singapore, Japan, and Greater China—including the growing regulation of data flows between the latter and the United States.

Kate is a partner in the firm’s Washington, D.C., office, as well as a senior director in the firm’s consultancy Crowell Global Advisors, to which she was seconded for several years. She is a founding member of the firm’s Privacy & Cybersecurity Group and part of the firm’s AI Steering Committee. She has been internationally recognized by Chambers and named a “Rising Star” by both Law360 and the American Bar Association (ABA). She has held numerous leadership positions in the ABA’s Public Contract Law and Science & Technology Sections and has been inducted as a lifetime fellow in the American Bar Foundation.

Read more about Kate Growley
Show more Show less
Photo of Nkechi Kanu Nkechi Kanu

Nkechi A. Kanu is a counsel in the Washington, D.C. office of Crowell & Moring, where she is a member of the firm’s Government Contracts Group.

Nkechi’s practice focuses on False Claims Act investigations and litigation. Nkechi has significant experience assisting companies with…

Nkechi A. Kanu is a counsel in the Washington, D.C. office of Crowell & Moring, where she is a member of the firm’s Government Contracts Group.

Nkechi’s practice focuses on False Claims Act investigations and litigation. Nkechi has significant experience assisting companies with complex internal investigations and represents clients in government investigations involving allegations of fraud. She also focuses on assisting clients with investigations relating to cybersecurity and information security compliance. Her complementary litigation practice involves defending companies in government-facing litigation arising under the FCA, resulting in the dismissal of qui tam complaints and successful settlements of FCA claims with DOJ.

Read more about Nkechi Kanu
Show more Show less
Photo of Christopher Hebdon Christopher Hebdon
Read more about Christopher Hebdon
Related Posts
From Yellow Jackets to Red Flags: DOJ Stings Georgia Tech for Alleged Cybersecurity Noncompliance
October 15, 2025
For Better or MORSE: Another Settlement Under DOJ’s Civil Cyber-Fraud Initiative
April 10, 2025
Canadian CMMC? Canada Proposes Cyber Compliance Regime for Canadian Defense Suppliers
April 10, 2025