No More "Wait & See" for CMMC: DoD Releases Final Cybersecurity Maturity Model Certification
Client Alert | 1 min read | 02.03.20
The Department of Defense (DoD) has released Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC), Appendices A-F, and an Overview Briefing. While Version 1.0 largely mirrors the draft Version 0.7, the final version includes notable revisions, such as:
- Process and Practice Descriptions in Appendix B, which include discussions and clarifications for every “practice” within each CMMC Level, including the long-awaited examples for Levels 4 and 5; and
- Source Mapping in Appendix E, which maps each “practice” across all five Levels –171 in total – to other pre-existing cybersecurity frameworks.
Much, however, remains to be done. In anticipation of the DoD adopting “go/no-go” CMMC certification requirements later this year, a privately-run Accreditation Body is expected to begin training third-party assessors (3PAOs) this spring in conducting those certifications for contractors. Simultaneously, the DoD is expected to issue a proposed rule incorporating the CMMC into DFARS 252.204-7012, to be finalized this fall.
Contacts
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 4 min read | 05.01.26
Federal Court Blocks Trump Administration Policies Restricting Wind and Solar Permitting
A coalition of regional clean energy trade associations — including RENEW Northeast, Alliance for Clean Energy New York, Southern Renewable Energy Association, and Interwest Energy Alliance — along with the Green Energy Consumers Alliance (GECA), filed suit in December 2025 against the Department of the Interior (DOI), the Bureau of Land Management, the Bureau of Ocean Energy Management, the U.S. Fish and Wildlife Service (USFWS), and the Army Corps of Engineers. The complaint alleged that five agency actions, issued in response to a series of executive orders and presidential memoranda beginning on January 20, 2025, violated the Administrative Procedure Act (APA) by arbitrarily halting or restricting federal permitting for wind and solar energy projects. Plaintiffs sought a preliminary injunction to halt enforcement of these policies while the litigation proceeds. See Renew Northeast, et al. v. U.S. Dep’t of Interior, et al., No. 25-cv-13961-DJC, (D. Mass. Apr. 21, 2026) ECF Dkt. 89.
Client Alert | 2 min read | 05.01.26
New Executive Order Promoting Fixed Price Contracting: What It Means for Federal Contractors
Client Alert | 8 min read | 05.01.26
Pre-Approved: ICO Publishes Guidance on "Recognised Legitimate Interests”
Client Alert | 6 min read | 04.29.26
CMS Seeks to Expand Interoperability Requirements to Drug Pre-Authorization (FAQ)
