Buy 1 Get 2 Free Special on Cyber Regulations: DoD Interim Rule Unveils 3 New Clauses Geared at Cybersecurity Assessments
Client Alert | 1 min read | 09.29.20
The Department of Defense (DoD) has released its eagerly anticipated Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to implement two major initiatives: the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 DoD Assessment Methodology and the Cybersecurity Maturity Model Certification (CMMC). The Interim Rule introduces the related clauses DFARS 252.204-7019, Notice of NIST SP 800-171 DoD Assessment Requirements and DFARS 252.204-7020, NIST SP 800-171 DoD Assessment Requirements; as well as the separate clause DFARS 252.204-7021, Cybersecurity Maturity Model Certification Requirements.
-7019 requires contractors to have a current NIST SP 800-171 DoD Assessment in order to be considered for award, which may have been met where contractors have had a recent Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) Assessment. Relatedly, -7020 requires contractors to provide the Government with access to their facilities and systems for higher-level Assessments, in addition to ensuring that subcontractors handling Covered Defense Information (CDI) have made their Assessments available to the Government.
-7021 implements the long-expected CMMC framework, where contractors must receive a third-party certification that they have met one of five specified cybersecurity levels – and maintain that certification for the duration of their contracts. The CMMC clause will begin appearing in select solicitations later this year, and eventually in all solicitations above the micro-purchase threshold by October 1, 2025, excluding those exclusively for commercially available off-the-shelf (COTS) items.
The Interim Rule goes into effect on November 30, 2020, with comments due the same day.
Contacts
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 5 min read | 12.12.25
Eleventh Circuit Hears Argument on False Claims Act Qui Tam Constitutionality
On the morning of December 12, 2025, the Eleventh Circuit heard argument in United States ex rel. Zafirov v. Florida Medical Associates, LLC, et al., No. 24-13581 (11th Cir. 2025). This case concerns the constitutionality of the False Claims Act (FCA) qui tam provisions and a groundbreaking September 2024 opinion in which the United States District Court for the Middle District of Florida held that the FCA’s qui tam provisions were unconstitutional under Article II. See United States ex rel. Zafirov v. Fla. Med. Assocs., LLC, 751 F. Supp. 3d 1293 (M.D. Fla. 2024). That decision, penned by District Judge Kathryn Kimball Mizelle, was the first success story for a legal theory that has been gaining steam ever since Justices Thomas, Barrett, and Kavanaugh indicated they would be willing to consider arguments about the constitutionality of the qui tam provisions in U.S. ex rel. Polansky v. Exec. Health Res., 599 U.S. 419 (2023). In her opinion, Judge Mizelle held (1) qui tam relators are officers of the U.S. who must be appointed under the Appointments Clause; and (2) historical practice treating qui tam and similar relators as less than “officers” for constitutional purposes was not enough to save the qui tam provisions from the fundamental Article II infirmity the court identified. That ruling was appealed and, after full briefing, including by the government and a bevy of amici, the litigants stepped up to the plate this morning for oral argument.
Client Alert | 8 min read | 12.11.25
Director Squires Revamps the Workings of the U.S. Patent Office
Client Alert | 8 min read | 12.10.25
Creativity You Can Use: CJEU Clarifies Copyright for Applied Art
Client Alert | 4 min read | 12.10.25
Federal Court Strikes Down Interior Order Suspending Wind Energy Development
