No More "Wait & See" for CMMC: DoD Releases Final Cybersecurity Maturity Model Certification

Client Alert | 1 min read | 02.03.20

The Department of Defense (DoD) has released Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC), Appendices A-F, and an Overview Briefing. While Version 1.0 largely mirrors the draft Version 0.7, the final version includes notable revisions, such as:

Process and Practice Descriptions in Appendix B, which include discussions and clarifications for every “practice” within each CMMC Level, including the long-awaited examples for Levels 4 and 5; and
Source Mapping in Appendix E, which maps each “practice” across all five Levels –171 in total – to other pre-existing cybersecurity frameworks.

Much, however, remains to be done. In anticipation of the DoD adopting “go/no-go” CMMC certification requirements later this year, a privately-run Accreditation Body is expected to begin training third-party assessors (3PAOs) this spring in conducting those certifications for contractors. Simultaneously, the DoD is expected to issue a proposed rule incorporating the CMMC into DFARS 252.204-7012, to be finalized this fall.

Contacts

Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Kate M. Growley
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 2 min read | 05.29.26

California Assembly Passes AB 1776, Sending Major Antitrust Bill to the Senate

California’s COMPETE Act (AB 1776) narrowly passed the California State Assembly by three votes on Wednesday and now moves to the California State Senate. The bill — introduced in March by Assembly Majority Leader Cecilia Aguiar-Curry — is modeled closely on draft legislation recommended by the California Law Revision Commission in September. AB 1776 would not only significantly expand potential liability for single-firm conduct and monopolization but, based on recent amendments, would also explicitly decouple California antitrust analysis from certain federal standards. Crowell & Moring is representing the California Chamber of Commerce (CalChamber) in monitoring, analyzing, and responding to AB 1776. ...

Client Alert | 5 min read | 05.29.26
Clover Insurance v. HHS: S.D. of Georgia Holds 20 Star Ratings Measures Unlawful
Client Alert | 3 min read | 05.29.26
Rough Seas for International Cartels: DOJ Indicts Four of the Largest Container Manufacturers and Executives for Price-Fixing
Client Alert | 3 min read | 05.28.26
PFAS Regulatory Alert: EPA Rolls Back RCRA Proposed Rule on “Hazardous Waste” but Does Not Disturb Proposed RCRA Rule on PFAS

View All Insights