Photo of Crowell & Moring

More than 300,000 companies within the Defense Department’s supply chain will need to meet new Cybersecurity Maturity Model Certification (CMMC) requirements and pass a third-party assessment to ensure they are adequately protecting sensitive information on their networks. Now, Crowell & Moring has become the first AmLaw 100 firm to achieve Registered Provider Organization (RPO) status

Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Evan D. WolffPhoto of Maida Oringher LernerPhoto of Michael G. Gruden, CIPP/GPhoto of Christopher Hebdon

The National Institute of Standards and Technology (NIST) recently released the final version of NIST Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information. Designed to supplement the requirements in NIST SP 800-171—the applicable standard under DFARS 252.204-7012—800-172 provides 35 enhanced security requirements to protect controlled unclassified information (CUI) associated with

Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Evan D. WolffPhoto of Michael G. Gruden, CIPP/G

This week, the DoD announced the first group of pilot programs under the Cybersecurity Maturity Model Certification. Although still under review, these programs will likely be among a small group to issue solicitations in FY2021 that will require a CMMC certificate to be eligible for award. The DoD expects to identify eight other programs

Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Evan D. WolffPhoto of Maida Oringher LernerPhoto of Nkechi KanuPhoto of Christopher Hebdon

Fresh off the heels of the DFARS Interim Rule, the Department of Defense (DoD) released Assessment Guides for Levels 1 – 3 of the Cybersecurity Maturity Model Certification (CMMC). These Guides will be used by Certified Assessors to determine whether contractors have satisfied the practices and processes required to attain CMMC certifications at

Photo of Evan D. WolffPhoto of Kate M. Growley, CIPP/G, CIPP/USPhoto of Maida Oringher LernerPhoto of Michael G. Gruden, CIPP/GPhoto of Christopher Hebdon

The Department of Defense (DoD) has released Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC), Appendices A-F, and an Overview Briefing. While Version 1.0 largely mirrors the draft Version 0.7, the final version includes notable revisions, such as:

  • Process and Practice Descriptions in Appendix B, which include discussions and clarifications

Photo of Adelicia R. CliffePhoto of Kate M. Growley, CIPP/G, CIPP/USPhoto of Christopher Hebdon

On December 10, 2019, Under Secretary of Defense for Acquisition and Sustainment, Ellen Lord, briefed the press on the Department of Defense’s (DoD) significant acquisition reform achievements in 2019 and outlined many of the DoD’s top priorities for the coming year. Among a litany of other topics, the Secretary discussed efforts to streamline the