Photo of Christopher Hebdon

Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces.  In this episode, Evan Wolff and Chris Hebdon discuss the notable cybersecurity provisions and omissions in the National Defense Authorization Act (NDAA) for Fiscal Year 2022.

ListenCrowell.com | PodBean | SoundCloud

The Department of Defense (DoD) recently announced significant changes to its Cybersecurity Maturity Model Certification (CMMC) program intended to simplify the requirements and ease the compliance burden on contractors.  Unlike its predecessor, the new CMMC 2.0 moves to three compliance levels rather than five; aligns the required security controls (known as practices) with National Institute

Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this episode, host Evan Wolff talks with Chris Hebdon about micro-purchases and the cybersecurity obligations that contractors may encounter in the performance of these small dollar contracts.

ListenCrowell.com | PodBean |

In this episode, host Kate Growley is joined by Chris Hebdon as they discuss current requirements for cloud service providers interested in working for the Department of Defense. Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces.

Click below to listen or access

The National Institute of Standards and Technology (NIST) recently released the final version of NIST Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information. Designed to supplement the requirements in NIST SP 800-171—the applicable standard under DFARS 252.204-7012—800-172 provides 35 enhanced security requirements to protect controlled unclassified information (CUI) associated with

The Department of Defense (DoD) recently implemented additional procedures for the mitigation of cybersecurity risks in its supply chain. Designed to identify and mitigate cybersecurity and related supply chain risks throughout a program’s lifecycle, DoD Instruction 5000.90, Cybersecurity Acquisition Decision Authorities and Program Managers, requires program managers to:

  • Assess contractors’ cybersecurity posture, including, where

Fresh off the heels of the DFARS Interim Rule, the Department of Defense (DoD) released Assessment Guides for Levels 1 – 3 of the Cybersecurity Maturity Model Certification (CMMC). These Guides will be used by Certified Assessors to determine whether contractors have satisfied the practices and processes required to attain CMMC certifications at

The National Institute of Standards and Technology (NIST) recently released the final public draft of NIST Special Publication (SP) 800-172, formerly known as Draft NIST SP 800-171B. Building on the security requirements in NIST SP 800-171, the applicable standard under DFARS 252.204-7012, 800-172 provides 34 enhanced requirements to protect Controlled Unclassified Information (CUI)

The National Institute of Standards and Technology (NIST) recently released its final version of Revision 2 to the cybersecurity standard NIST Special Publication (SP) 800-171. While the security controls remain unchanged, Revision 2 now incorporates implementation guidance into each control.  Importantly though, such guidance remains non-binding and is not intended to extend the scope of

The Department of Defense (DoD) has released Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC), Appendices A-F, and an Overview Briefing. While Version 1.0 largely mirrors the draft Version 0.7, the final version includes notable revisions, such as:

  • Process and Practice Descriptions in Appendix B, which include discussions and clarifications