1. Home
  2. |Insights
  3. |No Summer Break for Cyber: Newly Unveiled CMMC Assessment Process Provides Industry with Upcoming Assessment Insights

No Summer Break for Cyber: Newly Unveiled CMMC Assessment Process Provides Industry with Upcoming Assessment Insights

Client Alert | 1 min read | 08.01.22

After much anticipation, the Cyber AB, formerly known as the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, recently released its pre-decisional draft CMMC Assessment Process (CAP).  The CAP describes the overarching procedures and guidance that CMMC Third-Party Assessment Organizations (C3PAOs) will use to assess entities seeking CMMC certification.  The current version of the CAP applies to contractors requiring CMMC Level 2 certification, which will likely be most contractors handling Controlled Unclassified Information (CUI) based on the Department of Defense’s (DoD) provisional scoping guidance for CMMC 2.0.

Aimed at increasing the accuracy and consistency of assessments conducted by C3PAOs, the CAP is segmented into four distinct phases:

Phase 1:  Plan and Prepare the Assessment;
Phase 2:  Conduct the Assessment;
Phase 3:  Report Assessment Results; and
Phase 4:  Close-Out Plan of Action and Milestones (POAMs) and Assessment.

While the assessment process is still in draft form, DoD contractors should familiarize themselves with the proposed structure and conduct of CMMC assessments, as these parameters will be critical to companies attaining CMMC certification at the level requisite for future government contract awards.

The Cyber AB is currently accepting comments on the draft CAP. 

Insights

Client Alert | 3 min read | 03.28.24

UK Government Seeks to Loosen Third Party Litigation Funding Regulation

On 19 March 2024, the Government followed through on a promise from the Ministry of Justice to introduce draft legislation to reverse the effect of  R (on the application of PACCAR Inc & Ors) v Competition Appeal Tribunal & Ors [2023] UKSC 28.  The effect of this ruling was discussed in our prior alert and follow on commentary discussing its effect on group competition litigation and initial government reform proposals. Should the bill pass, agreements to provide third party funding to litigation or advocacy services in England will no longer be required to comply with the Damages-Based Agreements Regulations 2013 (“DBA Regulations”) to be enforceable....