1. Home
  2. |Insights
  3. |No More "Wait & See" for CMMC: DoD Releases Final Cybersecurity Maturity Model Certification

No More "Wait & See" for CMMC: DoD Releases Final Cybersecurity Maturity Model Certification

Client Alert | 1 min read | 02.03.20

The Department of Defense (DoD) has released Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC), Appendices A-F, and an Overview Briefing. While Version 1.0 largely mirrors the draft Version 0.7, the final version includes notable revisions, such as:

  • Process and Practice Descriptions in Appendix B, which include discussions and clarifications for every “practice” within each CMMC Level, including the long-awaited examples for Levels 4 and 5; and
  • Source Mapping in Appendix E, which maps each “practice” across all five Levels –171 in total – to other pre-existing cybersecurity frameworks.

Much, however, remains to be done. In anticipation of the DoD adopting “go/no-go” CMMC certification requirements later this year, a privately-run Accreditation Body is expected to begin training third-party assessors (3PAOs) this spring in conducting those certifications for contractors. Simultaneously, the DoD is expected to issue a proposed rule incorporating the CMMC into DFARS 252.204-7012, to be finalized this fall. 


Contacts

Insights

Client Alert | 3 min read | 10.24.25

In a Move Affecting the Future of Data Centers, DOE Directs FERC to Act On Large Load Interconnections

On October 23rd, the U.S. Department of Energy (“DOE”) sent a letter to the Federal Energy Regulatory Commission (“FERC”) containing an Advance Notice of Proposed Rulemaking (“ANOPR”) with principles for all large load interconnections across the US, including those co-located with generating facilities.[1] Significantly, the Secretary of Energy states that the interconnection of large loads to the transmission system “falls squarely” within FERC’s jurisdiction, thus weighing in on a dispute that has been pending before FERC for over a year. This move appears to be a reaction to the continued pendency before FERC of the colocation dockets[2] and a technical conference on colocation held almost a year ago.[3]...