Crowell & Moring Achieves CMMC Registered Provider Organization Status

Recognized to Help Defense Contractors Prepare for New Cybersecurity Assessments

Washington – March 2, 2021: Crowell & Moring has become the first AmLaw 100 firm to be granted Registered Provider Organization (RPO) status by the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB). The CMMC-AB has recognized Crowell & Moring as a law firm provider to help defense contractors comply with CMMC cybersecurity standards and prepare for their assessments, which will become mandatory for all Defense Department contractors within the next five years, with few exceptions.

The DoD will begin incorporating CMMC requirements into an increasing number of solicitations later this year, creating a unified standard for implementing cybersecurity across the defense industrial base. Previously, defense contractors were responsible for certifying the security of their own information technology systems. Now, the CMMC will require all defense contractors to obtain third-party certified assessments, creating a new verification component to ensure that contractors meet cybersecurity requirements and adequately protect sensitive information on their networks.

“CMMC certification will be required for more than 300,000 companies within the DoD supply chain—from those providing health services to the VA to those that equip our troops for their missions,” said Evan D. Wolff, co-chair of Crowell & Moring’s Privacy & Cybersecurity Group. “Achieving RPO status is important for our team of lawyers and technologists because we understand the critical importance of cybersecurity for DoD contractors. We know how the assessment process will work, and we are committed to providing practical and actionable advice so that our clients reach best-in-class cybersecurity, achieve CMMC certification, and win contracts for new business.” 

As an RPO, Crowell & Moring is recognized by the CMMC-AB to help contractors understand what requirements they have to meet and to prepare their operations for their mandatory assessment. The firm’s team includes lawyers, technologists, and CMMC registered practitioners within its leading Privacy & Cybersecurity and Government Contracts groups. The team will help contractors comply with cybersecurity requirements in anticipation of their assessments, remediate challenges, and manage ongoing compliance.

In addition to achieving RPO status, Crowell & Moring is pleased to announce that three of the firm’s lawyers have achieved Registered Practitioner (RP) status:

  • Partner Evan D. Wolff, co-chair of Crowell & Moring’s Privacy & Cybersecurity Group, is a former special assistant to the assistant secretary for infrastructure protection at the Department of Homeland Security.
  • Partner Kate M. Growley (CIPP/US, CIPP/G) is a member of the Privacy & Cybersecurity Group’s steering committee and a member of the firm’s Government Contracts and Litigation groups.
  • Associate Michael G. Gruden (CIPP/G) is a member of the firm’s Privacy & Cybersecurity and Government Contracts groups and a former supervisory contracting officer at both the DoD and Department of Homeland Security.

“Right now, the CMMC is specific to DoD contractors. But we expect it will become increasingly relevant to all contractors as CMMC adoption likely expands throughout the government,” Growley said. “Achieving certification can also provide a commercial advantage for contractors. Meeting CMMC requirements can be a differentiator for companies when they compete in the private sector. It’s an opportunity to show they can meet some of the most comprehensive and stringent cybersecurity requirements imposed by the U.S. government.”

“As a former contracting officer, I understand the practical impact of cybersecurity regulations, as well as what it takes to strengthen organizations against attacks. Cybersecurity is of paramount importance for all defense contractors. The DoD has highlighted that there are unprecedented cyber threats against contractors and even lower-tier suppliers are highly vulnerable to attacks,” Gruden said.

Crowell & Moring is the first law firm to achieve RPO status within the AmLaw 100, a ranking of top-grossing U.S. law firms. The RPOs and RPs in the CMMC ecosystem provide advice, consulting, and recommendations to their clients. They are the implementers and consultants, but do not conduct certified assessments. For more information, visit the CMMC marketplace.


Nicole Quigley
Senior Communications Advisor