DoD Previews New Third-Party Cyber Certification Requirements
Client Alert | 1 min read | 06.17.19
The Department of Defense is moving closer to a third-party certification to ensure compliance with its standard cybersecurity requirements – what is being called the “Cybersecurity Maturity Model Certification” (CMMC). While still in the early stages of development, the CMMC would likely require all contractors subject to DFARS 252.204-7012 to obtain a certification issued by an independent third party stating that the contractor has sufficiently implemented its required cybersecurity controls. Holding this certification would be a “go/no-go” condition to compete for relevant DoD work. Although NIST SP 800-171 is the default cybersecurity standard currently required under -7012, DoD is also exploring the creation of a new standard that would govern the certification. DoD is projecting that the CMMC will start appearing in solicitations as early as Fall 2020, but much work remains to be done – including potential revisions to -7012 – and will no doubt be informed by extensive industry engagement.
Contacts

Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 3 min read | 07.10.26
In Utech, Inc. v. United States, No. 24-1586 (Fed. Cir. June 24, 2026), the U.S. Court of Appeals for the Federal Circuit clarified that in most cases, a pre-award protest must be filed before the proposal submission deadline to avoid the Blue & Gold waiver rule. This decision, while nonprecedential, is in line with U.S. Government Accountability Office (GAO) precedent, which has long held that pre-award protests must be filed before the proposal submission deadline.
Client Alert | 5 min read | 07.10.26
Client Alert | 6 min read | 07.09.26
EU Steel Overcapacity Regulation: New Permanent Measure in Force from 1 July 2026
Client Alert | 5 min read | 07.09.26
Made in the USA? Prove It: FTC Marks America's 250th with Crack Down on Domestic Origin Claims
