Buy 1 Get 2 Free Special on Cyber Regulations: DoD Interim Rule Unveils 3 New Clauses Geared at Cybersecurity Assessments
Client Alert | 1 min read | 09.29.20
The Department of Defense (DoD) has released its eagerly anticipated Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to implement two major initiatives: the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 DoD Assessment Methodology and the Cybersecurity Maturity Model Certification (CMMC). The Interim Rule introduces the related clauses DFARS 252.204-7019, Notice of NIST SP 800-171 DoD Assessment Requirements and DFARS 252.204-7020, NIST SP 800-171 DoD Assessment Requirements; as well as the separate clause DFARS 252.204-7021, Cybersecurity Maturity Model Certification Requirements.
-7019 requires contractors to have a current NIST SP 800-171 DoD Assessment in order to be considered for award, which may have been met where contractors have had a recent Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) Assessment. Relatedly, -7020 requires contractors to provide the Government with access to their facilities and systems for higher-level Assessments, in addition to ensuring that subcontractors handling Covered Defense Information (CDI) have made their Assessments available to the Government.
-7021 implements the long-expected CMMC framework, where contractors must receive a third-party certification that they have met one of five specified cybersecurity levels – and maintain that certification for the duration of their contracts. The CMMC clause will begin appearing in select solicitations later this year, and eventually in all solicitations above the micro-purchase threshold by October 1, 2025, excluding those exclusively for commercially available off-the-shelf (COTS) items.
The Interim Rule goes into effect on November 30, 2020, with comments due the same day.
Contacts

Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 6 min read | 07.09.26
EU Steel Overcapacity Regulation: New Permanent Measure in Force from 1 July 2026
The EU’s steel safeguard under Implementing Regulation (EU) 2019/159 expired on 30 June 2026 and has been replaced by a new permanent instrument — the EU Steel Overcapacity Regulation (Regulation (EU) 2026/1384) (the Regulation”). It imposes tariff-rate quotas and an out-of-quota duty, similarly to the steel safeguard measures that expired. The out-of-quota duty has been raised from 25% to 50% to minimize the risk of trade diversion. The Regulation reduces duty-free imports of 26 categories of steel products into the EU by an average of 47% compared with the quotas under the until recently applicable safeguard measures.
Client Alert | 1 min read | 07.08.26
CAS Board Publishes Final Rule Rescinding CAS 404, 408, 409, and 4117
Client Alert | 1 min read | 07.08.26
Crowell & Moring and Crowell GovCon Strategies at Farnborough International Airshow 2026
Client Alert | 7 min read | 07.08.26
Illinois Imposes Transparency and Safety Obligations on Frontier AI Systems
