No More "Wait & See" for CMMC: DoD Releases Final Cybersecurity Maturity Model Certification

Client Alert | 1 min read | 02.03.20

The Department of Defense (DoD) has released Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC), Appendices A-F, and an Overview Briefing. While Version 1.0 largely mirrors the draft Version 0.7, the final version includes notable revisions, such as:

Process and Practice Descriptions in Appendix B, which include discussions and clarifications for every “practice” within each CMMC Level, including the long-awaited examples for Levels 4 and 5; and
Source Mapping in Appendix E, which maps each “practice” across all five Levels –171 in total – to other pre-existing cybersecurity frameworks.

Much, however, remains to be done. In anticipation of the DoD adopting “go/no-go” CMMC certification requirements later this year, a privately-run Accreditation Body is expected to begin training third-party assessors (3PAOs) this spring in conducting those certifications for contractors. Simultaneously, the DoD is expected to issue a proposed rule incorporating the CMMC into DFARS 252.204-7012, to be finalized this fall.

Contacts

Evan D. Wolff
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2615
ZXdvbGZmQGNyb3dlbGwuY29t
Maida Oringher Lerner
Senior Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2596
bWxlcm5lckBjcm93ZWxsLmNvbQ==
Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 2 min read | 05.27.25

Federal Circuit Resolves Circuit Split on Scope of IPR Estoppel

As part of the 2012 America Invents Act, statutory estoppel was included to balance the interests of patent owners and patent challengers following an inter partes review (“IPR”). Estoppel prevents an IPR petitioner from later asserting in court that a claim “is invalid on any ground that the petitioner raised or reasonably could have raised” during the IPR. 35 U.S.C. § 315(e)(2). As applied, estoppel prevents petitioners from later relying in district court or in ITC proceedings on most patents or printed publications – the limited bases upon which petitioner can rely in an IPR. But a question remained, and contradictory district court decisions arose, as to whether petitioners would be estopped from relying on a prior art commercial product (known as “device art,” which could not itself have been raised in the IPR) even if a printed publication describing the product (i.e. a patent or technical manual) was available and presumably could have been raised. ...

Client Alert | 6 min read | 05.27.25
U.S. Departments of State and Treasury Issue Immediate Sanctions Relief for Syria
Client Alert | 3 min read | 05.23.25
Executive Order Seeks Most-Favored-Nation Drug Pricing and HHS Announces Price Targets
Client Alert | 4 min read | 05.22.25
Opportunities for Procurement on the Horizon as UK Concludes Free Trade Agreement With India

View All Insights