1. Home
  2. |Insights
  3. |Immaturity of the Cybersecurity Maturity Model: Revisions Omit Higher-Level Updates

Immaturity of the Cybersecurity Maturity Model: Revisions Omit Higher-Level Updates

Client Alert | 1 min read | 11.13.19

Last week, the Defense Department (DoD) released Revision 0.6 to the Cybersecurity Maturity Model Certification (CMMC). Notably absent were revisions to Levels 4 – 5, which DoD promises in the next public release. While the final version of the CMMC is due in late January, Revision 0.6 updated CMMC Levels 1 – 3 by:

  • Condensing the CMMC requirements;
  • Modifying the practices and processes; and
  • Providing clarifications and examples for CMMC Level 1 requirements.

Revision 0.6 also distilled the core requirements for Levels 1 – 3 into the following categories:

  • Level 1 -- Basic cyber hygiene: Implementation of security controls in FAR 52.204-21, Basic Safeguarding of Covered Contractor Information Systems;
  • Level 2 -- Intermediate cyber hygiene: Implementation of select NIST SP 800-171 controls; and
  • Level 3 -- Good cyber hygiene: Full implementation of NIST SP 800-171 controls.

Industry will benefit from reviewing this latest draft and preparing for DoD’s pending implementation of the CMMC.

Insights

Client Alert | 3 min read | 03.28.24

UK Government Seeks to Loosen Third Party Litigation Funding Regulation

On 19 March 2024, the Government followed through on a promise from the Ministry of Justice to introduce draft legislation to reverse the effect of  R (on the application of PACCAR Inc & Ors) v Competition Appeal Tribunal & Ors [2023] UKSC 28.  The effect of this ruling was discussed in our prior alert and follow on commentary discussing its effect on group competition litigation and initial government reform proposals. Should the bill pass, agreements to provide third party funding to litigation or advocacy services in England will no longer be required to comply with the Damages-Based Agreements Regulations 2013 (“DBA Regulations”) to be enforceable....