Background - News & Events (Landing) 2016
All Alerts & Newsletters

The DoD's Own Cyber Monday: Defense Department Releases CMMC Assessment Guides

Dec.09.2020

Fresh off the heels of the DFARS Interim Rule, the Department of Defense (DoD) released Assessment Guides for Levels 1 - 3 of the Cybersecurity Maturity Model Certification (CMMC). These Guides will be used by Certified Assessors to determine whether contractors have satisfied the practices and processes required to attain CMMC certifications at the level needed to be awarded future DoD contracts. These new assessment procedures, which DoD calls “authoritative,” are leveraged from NIST SP 800-171A, the NIST guidance used to assess compliance with NIST SP 800-171. 

A notable inclusion in the Levels 2 – 3 Guide is the assessment criteria used to evaluate a contractor’s implementation of processes for each of the 17 CMMC Domains. Under the CMMC, the DoD has stated that contractors will not be certified at CMMC Levels 2 and above if the contractor has not satisfied both the technical practices and process maturity for the desired level.

These Guides will provide useful insights as contractors prepare for the DoD’s phased implementation of CMMC requirements into all DoD contracts over the next 5 years. 

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

Kate M. Growley, CIPP/G, CIPP/US
Partner – Washington, D.C.
Phone: +1 202.624.2698
Email: kgrowley@crowell.com
Evan D. Wolff
Partner – Washington, D.C.
Phone: +1 202.624.2615
Email: ewolff@crowell.com
Maida Oringher Lerner
Senior Counsel – Washington, D.C.
Phone: +1 202.624.2596
Email: mlerner@crowell.com
Nkechi Kanu
Counsel – Washington, D.C.
Phone: +1 202.624.2872
Email: nkanu@crowell.com
Michael G. Gruden, CIPP/G
Associate – Washington, D.C.
Phone: +1 202.624.2545
Email: mgruden@crowell.com
Christopher R. Hebdon
Associate – Washington, D.C.
Phone: +1 202.624.2645
Email: chebdon@crowell.com