Kate M. Growley
Overview
Businesses around the globe rely on Kate M. Growley to navigate their most challenging digital issues, particularly those involving cybersecurity, artificial intelligence, digital infrastructure, and their intersection with national security. Clients seek her guidance on proactive compliance, incident response, internal and government-facing investigations, and policy engagement. With a unique combination of legal, policy, and consulting experience, Kate excels in translating complex technical topics into advice that is practical and informed by risk and business needs. | ![]() |
Career & Education
- Florida State University, B.S., summa cum laude, International Relations
- University of Virginia School of Law, J.D.
- Virginia
- District of Columbia
Kate's Insights
Webinar | 09.15.25
The Department of Defense (DoD) has released the highly anticipated second final rule for the Cybersecurity Maturity Model Certification Program (CMMC), ushering in its mandatory implementation that begins on November 10. CMMC is a unified assessment model released by the DoD in response to the growing threat of cyberattacks on and data theft from the Defense Industrial Base. This program requires every DoD contractor that handles sensitive government data to certify compliance with certain cybersecurity controls. CMMC brings greater scrutiny to contractors’ cybersecurity compliance and greater risks associated with compliance failures. To achieve certification, contractors must prove that their organizations can meet a myriad of security control obligations, a process that can be daunting without familiarity with the policies, procedures, and practices that will be required when the program is finalized.
Client Alert | 7 min read | 09.10.25
Client Alert | 3 min read | 08.26.25
Insights
- |
08.01.25
Journal of Federal Agency Action
Global Developments: New Actions in the Asia-Pacific
|05.14.24
Privacy and Cybersecurity Outlook: The 2024 Landscape
China: Recent Developments In Cross-Border Data Transfer Requirements
|12.18.23
OneTrust DataGuidance
Cybersecurity Provisions Proliferate In The National Defense Authorization Act
|03.15.22
Government Contracting Law Report
Advancing America’s Dominance in AI: The 2021 National Defense Authorization Act’s AI Developments
|05.06.21
The Journal of Robotics, Artificial Intelligence & Law
- |
04.27.21
Government Contracting Law Report
"Approaching Privacy in Ethical AI: The Pros, Cons and Grays," IAPP Asia Privacy Forum 2023, Singapore.
|07.20.23
Pentagon To Require New Cybersecurity 'Certification' From Defense Contractors
|05.31.19
Inside Defense
- |
09.02.25
Crowell & Moring’s Government Contracts Legal Forum
Last Chance to Comment on FASC Rule – More Supply Chain Restrictions Coming
|10.27.20
Crowell & Moring’s Government Contracts Legal Forum
Chinese Individual Indicted for Alleged Trade Secret Theft from Semiconductor Company
|10.23.20
Crowell & Moring’s Trade Secrets Trends
Companies Protecting Trade Secrets Should Consider Role of NIST’s Enhanced Security Requirements
|07.16.20
Crowell & Moring’s Trade Secrets Trends
DoD Acquisition Chief Looks Back at the Year that Was and Previews the Year to Come
|12.24.19
Crowell & Moring's Government Contracts Legal Forum
Privacy & Cybersecurity – New York Enacts the SHIELD Act
|08.20.19
Crowell & Moring's International Trade Law
The U.S. Announces Endorsement of OECD’s Principles for Responsible AI
|06.04.19
Crowell & Moring's Government Contracts Legal Forum
Kate's Insights
Webinar | 09.15.25
The Department of Defense (DoD) has released the highly anticipated second final rule for the Cybersecurity Maturity Model Certification Program (CMMC), ushering in its mandatory implementation that begins on November 10. CMMC is a unified assessment model released by the DoD in response to the growing threat of cyberattacks on and data theft from the Defense Industrial Base. This program requires every DoD contractor that handles sensitive government data to certify compliance with certain cybersecurity controls. CMMC brings greater scrutiny to contractors’ cybersecurity compliance and greater risks associated with compliance failures. To achieve certification, contractors must prove that their organizations can meet a myriad of security control obligations, a process that can be daunting without familiarity with the policies, procedures, and practices that will be required when the program is finalized.
Client Alert | 7 min read | 09.10.25
Client Alert | 3 min read | 08.26.25