1. Home
  2. |Insights
  3. |What the OMB Cybersecurity Proposal Does and Doesn't Do

What the OMB Cybersecurity Proposal Does and Doesn't Do

Client Alert | less than 1 min read | 08.28.15

Open for comment until September 10, the recently released OMB cybersecurity guidance, Improving Cybersecurity Protections in Federal Acquisitions, marks another attempt by the Obama Administration to improve our nation's cybersecurity through the regulation of federal contractors. Although it addresses key areas concerning cybersecurity risk management, Crowell & Moring attorneys explain in this Law360 article why the proposed guidance may generate more problems than it resolves by creating the potential for even more inconsistency across agency standards.

 

Contacts

Insights

Client Alert | 2 min read | 07.15.26

CMMC Phase II Suspension Requires Reconsideration of Such Requirements in Solicitations

As discussed in more detail here, the U.S. Department of War (DoW) recently issued a memorandum (Memo 26-P-1023, dated July 13, 2026) directing the immediate suspension of Cybersecurity Maturity Model Certification (CMMC) Phase II requirements (Level I and II self assessments are still permitted). Significantly, the memo directs that “all pending and future CMMC implementation milestones across DoW solicitations and contracts are held in abeyance until further notice.” Moreover, the DoW issued a memorandum on implementing these requirements (available here), directing agencies to issue amendments removing CMMC Level 2 and 3 requirements from active solicitations “as soon as practicable.” Contractors should monitor the government’s compliance with this requirement and should be prepared, if needed, to file a bid protest to protect their rights....