DoD Previews New Third-Party Cyber Certification Requirements
Client Alert | 1 min read | 06.17.19
The Department of Defense is moving closer to a third-party certification to ensure compliance with its standard cybersecurity requirements – what is being called the “Cybersecurity Maturity Model Certification” (CMMC). While still in the early stages of development, the CMMC would likely require all contractors subject to DFARS 252.204-7012 to obtain a certification issued by an independent third party stating that the contractor has sufficiently implemented its required cybersecurity controls. Holding this certification would be a “go/no-go” condition to compete for relevant DoD work. Although NIST SP 800-171 is the default cybersecurity standard currently required under -7012, DoD is also exploring the creation of a new standard that would govern the certification. DoD is projecting that the CMMC will start appearing in solicitations as early as Fall 2020, but much work remains to be done – including potential revisions to -7012 – and will no doubt be informed by extensive industry engagement.
Contacts
Partner, Crowell Global Advisors Senior Director
Insights
Client Alert | 6 min read | 09.11.25
U.S. Department of Commerce Partially Relaxes Export Controls on Syria
On August 28, the U.S. Department of Commerce Bureau of Industry and Security (BIS) published a final rule that modifies the Export Administration Regulations (EAR) to reduce the number of export control restrictions on Syria, in alignment with Executive Order 14312, Providing For The Revocation of Syria Sanctions. The key adjustments made by this rule include the addition of new or expanded license exception eligibility for exports and reexports to Syria (which significantly broadens the number of items that can be exported or reexported to Syria) and the adoption of more permissive license review policies for exports and reexports to Syria.
Client Alert | 9 min read | 09.11.25
Client Alert | 1 min read | 09.10.25
Client Alert | 7 min read | 09.10.25
