Background - Privacy & Cybersecurity

CMMC Registered Provider Organization


Preparing for Your CMMC Assessment

Crowell & Moring is a Registered Provider Organization (RPO) under the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB).

The CMMC-AB has recognized Crowell & Moring as a law firm provider to help defense contractors comply with CMMC cybersecurity standards and prepare for their assessments, which will become mandatory for all Defense Department contractors by Fiscal Year 2026, with few exceptions.

As an RPO, Crowell & Moring is recognized by the CMMC-AB to help contractors understand what requirements they have to meet and to prepare their operations for their mandatory assessment. The firm’s team includes lawyers, technologists, and CMMC registered practitioners within its leading Privacy and Cybersecurity and Government Contracts groups. The team helps contractors comply with cybersecurity requirements in anticipation of their assessments, remediate challenges, and manage ongoing compliance.

Our CMMC Registered Practitioners include:

  • Partner Evan D. Wolff, co-chair of Crowell & Moring’s Privacy and Cybersecurity Group, is a former special assistant to the assistant secretary for infrastructure protection at the Department of Homeland Security.
  • Associate Michael G. Gruden (CIPP/G) is a member of the firm’s Privacy and Cybersecurity and Government Contracts groups, and he is a former supervisory contracting officer at both the DoD and Department of Homeland Security.

Crowell & Moring is the first law firm to achieve RPO status within the AmLaw 100, a ranking of top grossing U.S. law firms. The RPOs and RPs in the CMMC ecosystem provide advice, consulting, and recommendations to their clients. They are the implementers and consultants, but do not conduct certified assessments. For more information, click here for the full press release or visit the CMMC marketplace