Immaturity of the Cybersecurity Maturity Model: Revisions Omit Higher-Level Updates

Client Alert | 1 min read | 11.13.19

Last week, the Defense Department (DoD) released Revision 0.6 to the Cybersecurity Maturity Model Certification (CMMC). Notably absent were revisions to Levels 4 – 5, which DoD promises in the next public release. While the final version of the CMMC is due in late January, Revision 0.6 updated CMMC Levels 1 – 3 by:

Condensing the CMMC requirements;
Modifying the practices and processes; and
Providing clarifications and examples for CMMC Level 1 requirements.

Revision 0.6 also distilled the core requirements for Levels 1 – 3 into the following categories:

Level 1 -- Basic cyber hygiene: Implementation of security controls in FAR 52.204-21, Basic Safeguarding of Covered Contractor Information Systems;
Level 2 -- Intermediate cyber hygiene: Implementation of select NIST SP 800-171 controls; and
Level 3 -- Good cyber hygiene: Full implementation of NIST SP 800-171 controls.

Industry will benefit from reviewing this latest draft and preparing for DoD’s pending implementation of the CMMC.

Contacts

Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Kate M. Growley
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 3 min read | 10.15.25

Developers Adapt Timelines and Strategies for Wind and Solar Projects Following Recent IRS Guidance and Expected IRS Enforcement Activity

On August 15, 2025, the Treasury Department and IRS released updated guidance concerning Beginning of Construction requirements to qualify for clean energy tax credits. This new guidance is critical for developers to consider as they rush to qualify for the tax credits before they expire entirely. The much-anticipated guidance followed the July 7, 2025 Executive Order 14315, Ending Market Distorting Subsidies for Unreliable, Foreign-Controlled Energy Sources (“July 7, 2025 Executive Order”), which signaled that the Trump Administration was planning to strictly enforce the termination of production and investment tax credits for solar and wind facilities that are set to expire under the One Big Beautiful Bill Act (OBBB Act), covered in more detail here. The new guidance comes at a time when many in the industry are struggling to keep up with the myriad ways that the new administration is working to roll back wind and solar tax credits, leaving developers to piece through the recent guidance to determine how best to structure and invest in clean energy projects given the volatile position of the current administration vis-a-vis wind and solar energy....

Client Alert | 10 min read | 10.15.25
Understanding the EU’s International Procurement Instrument
Client Alert | 4 min read | 10.14.25
Amici Urge SCOTUS to Walk Back Fourth Circuit Decision on Contributory Liability for Copyright Infringement
Client Alert | 35 min read | 10.13.25
Building Blocks of Design Law: CJEU rules on LEGO Group Modular Design Protection

View All Insights