Photo of Maida Oringher Lerner

Maida Oringher Lerner

Subscribe to Maida Oringher Lerner's Posts

Maida Lerner is senior counsel in Crowell & Moring's Washington, D.C. office and a part of the firm's Privacy & Cybersecurity, Government Contracts, and Environment & Natural Resources groups. Maida counsels a broad group of clients in a variety of sectors on cyber and physical security compliance and risk management, homeland security, and administrative matters, including trade associations and companies in the pipeline, transportation, government contracts, education, health care, and manufacturing sectors.

Contact:Read more about Maida Oringher Lerner

After much anticipation, the Cyber AB, formerly known as the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, recently released its pre-decisional draft CMMC Assessment Process (CAP).  The CAP describes the overarching procedures and guidance that CMMC Third-Party Assessment Organizations (C3PAOs) will use to assess entities seeking CMMC certification.  The current version of the CAP applies to contractors requiring CMMC Level 2 certification, which will likely be most contractors handling Controlled Unclassified Information (CUI) based on the Department of Defense’s (DoD) provisional scoping guidance for CMMC 2.0. Continue Reading No Summer Break for Cyber: Newly Unveiled CMMC Assessment Process Provides Industry with Upcoming Assessment Insights

The Department of Defense (DoD) recently announced significant changes to its Cybersecurity Maturity Model Certification (CMMC) program intended to simplify the requirements and ease the compliance burden on contractors.  Unlike its predecessor, the new CMMC 2.0 moves to three compliance levels rather than five; aligns the required security controls (known as practices) with National Institute

The National Institute of Standards and Technology (NIST) recently released the final version of NIST Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information. Designed to supplement the requirements in NIST SP 800-171—the applicable standard under DFARS 252.204-7012—800-172 provides 35 enhanced security requirements to protect controlled unclassified information (CUI) associated with

Fresh off the heels of the DFARS Interim Rule, the Department of Defense (DoD) released Assessment Guides for Levels 1 – 3 of the Cybersecurity Maturity Model Certification (CMMC). These Guides will be used by Certified Assessors to determine whether contractors have satisfied the practices and processes required to attain CMMC certifications at

The National Institute of Standards and Technology (NIST) recently released the final public draft of NIST Special Publication (SP) 800-172, formerly known as Draft NIST SP 800-171B. Building on the security requirements in NIST SP 800-171, the applicable standard under DFARS 252.204-7012, 800-172 provides 34 enhanced requirements to protect Controlled Unclassified Information (CUI)

The Defense Department (DoD) recently released Department of Defense Instruction (DoDI) 5200.48, “Controlled Unclassified Information (CUI),” which provides the DoD’s long-anticipated guidance on how to mark and handle CUI in accordance with the Federal Government’s broader CUI Program and DFARS 252.204-7012.  In doing so, it cancels legacy CUI guidance under DoD Manual 5200.01, Volume

The National Institute of Standards and Technology (NIST) recently released its final version of Revision 2 to the cybersecurity standard NIST Special Publication (SP) 800-171. While the security controls remain unchanged, Revision 2 now incorporates implementation guidance into each control.  Importantly though, such guidance remains non-binding and is not intended to extend the scope of

The Department of Defense (DoD) has released Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC), Appendices A-F, and an Overview Briefing. While Version 1.0 largely mirrors the draft Version 0.7, the final version includes notable revisions, such as:

  • Process and Practice Descriptions in Appendix B, which include discussions and clarifications

The National Institute of Standards and Technology (NIST) recently published a draft special publication titled Systems Security Engineering: Resiliency Considerations for the Engineering of Trustworthy Secure Systems (Volume 2), which provides guidance to professionals responsible for the activities and tasks related to the system life cycle processes in NIST’s flagship publication, NIST Special Publication 800-160

Yesterday, the DoD published an Interim Rule that, if finalized as drafted, would expand the already onerous requirements of the DFARS Safeguarding Clause to a broader array of potentially 10,000 defense contractors.  Citing “recent high-profile breaches of federal information,” the DoD’s Interim Rule emphasizes the need for clear, effective, and consistent cybersecurity protections in