No More "Wait & See" for CMMC: DoD Releases Final Cybersecurity Maturity Model Certification
Client Alert | 1 min read | 02.03.20
The Department of Defense (DoD) has released Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC), Appendices A-F, and an Overview Briefing. While Version 1.0 largely mirrors the draft Version 0.7, the final version includes notable revisions, such as:
- Process and Practice Descriptions in Appendix B, which include discussions and clarifications for every “practice” within each CMMC Level, including the long-awaited examples for Levels 4 and 5; and
- Source Mapping in Appendix E, which maps each “practice” across all five Levels –171 in total – to other pre-existing cybersecurity frameworks.
Much, however, remains to be done. In anticipation of the DoD adopting “go/no-go” CMMC certification requirements later this year, a privately-run Accreditation Body is expected to begin training third-party assessors (3PAOs) this spring in conducting those certifications for contractors. Simultaneously, the DoD is expected to issue a proposed rule incorporating the CMMC into DFARS 252.204-7012, to be finalized this fall.
Contacts
Senior Counsel
She/Her/Hers
Insights
Client Alert | 2 min read | 04.29.25
President Trump Issues Executive Order Deprioritizing Disparate Impact Theory of Discrimination
On April 23, 2025, President Trump signed an executive order, Restoring Equality of Opportunity and Meritocracy, declaring it the policy of the United States “to eliminate the use of disparate-impact liability in all contexts to the maximum degree possible to avoid violating the constitution, Federal civil rights laws, and basic American ideals.” The order reasons that “disparate impact liability all but requires individuals and businesses to consider race and engage in racial balancing to avoid potentially crippling legal liability.”
Client Alert | 6 min read | 04.28.25
Client Alert | 3 min read | 04.28.25
Client Alert | 3 min read | 04.25.25
