As Crowell covered in a recent alert, the Department of Defense (DoD) on October 11, 2024 released a final rule (the “Final Program Rule”) formalizing the requirements, assessment processes, and related governance for its Cyber Maturity Model Certification Program (CMMC).Continue Reading CMMC Final Rule Includes M&A Trigger for New Assessment
On August 15, 2024, the Department of Defense (“DoD”) released the long-awaited proposed rule (“August 2024 Proposed Rule”), updating Defense Federal Acquisition Regulation Supplement (“DFARS”) Clause 252.204-7021 (the “7021 Clause”), which, when final, will initiate the phased implementation of Cybersecurity Maturity Model Certification 2.0 (“CMMC”) requirements into DoD contracts. Continue Reading DFARS 7021 Clause 2.0: DoD Releases Proposed Rule Updating CMMC Clause
This week’s episode covers the Cyber AB’s recently released pre-decisional draft CMMC Assessment Process, an SBA final rule that implements new methods for evaluating expanded sources of small business past performance, a GSA OIG Alert about the Transactional Data Reporting rule, and Senate passage of an amended version of the Preventing Organizational Conflicts of Interest
After much anticipation, the Cyber AB, formerly known as the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, recently released its pre-decisional draft CMMC Assessment Process (CAP). The CAP describes the overarching procedures and guidance that CMMC Third-Party Assessment Organizations (C3PAOs) will use to assess entities seeking CMMC certification. The current version of the CAP applies to contractors requiring CMMC Level 2 certification, which will likely be most contractors handling Controlled Unclassified Information (CUI) based on the Department of Defense’s (DoD) provisional scoping guidance for CMMC 2.0. Continue Reading No Summer Break for Cyber: Newly Unveiled CMMC Assessment Process Provides Industry with Upcoming Assessment Insights
This week’s episode covers an update on the Cybersecurity Maturity Model Certification program, a GAO report on DHS’ controls to protect personally identifiable information, a Federal Circuit decision regarding prejudice in the bid protest context, and highlights from the National Defense Authorization Act for FY2022, and is hosted by Peter Eyre and Monica Sterling. Crowell
Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this episode, hosts Evan Wolff and Kate Growley talk through some key elements that are no longer expected under CMMC 2.0.
Listen: Crowell.com | PodBean | SoundCloud | Apple Podcasts
Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this episode, hosts Evan Wolff and Kate Growley talk through the fundamental changes that the DoD has announced will be made under “CMMC 2.0.”
Listen: Crowell.com | PodBean | SoundCloud | Apple
Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this final episode of a three-part series, host Kate Growley digests the current state of DFARS clause 252.204-7021 and what contractors should know about the Cybersecurity Maturity Model Certification (or CMMC).
Listen:
More than 300,000 companies within the Defense Department’s supply chain will need to meet new Cybersecurity Maturity Model Certification (CMMC) requirements and pass a third-party assessment to ensure they are adequately protecting sensitive information on their networks. Now, Crowell & Moring has become the first AmLaw 100 firm to achieve Registered Provider Organization (RPO) status