Insights

Professional

Practice

Industry

Region

Firm News 17 results

Firm News | 11 min read | 06.05.25

Crowell Attains Leading Rankings in Chambers USA 2025

Washington – June 5, 2025: Crowell & Moring earned 80 rankings for 71 lawyers, as well as 43 national and statewide practice area rankings, in the Chambers USA 2025 guide. The rankings are driven by independent interviews of clients and lawyers at peer firms.

Firm News | 8 min read | 08.15.24

The Best Lawyers in America 2025 Recognizes 42 Crowell & Moring Attorneys, Three Selected as Lawyer of the Year

Washington – August 15, 2024: The 2025 edition of The Best Lawyers in America® has recognized 42 Crowell & Moring lawyers as "Best Lawyers" and 29 lawyers as “Ones to Watch.”

...

Firm News | 4 min read | 06.24.24

Crowell Earns Top Rankings from Legal 500 United States 2024

Washington – June 24, 2024: Crowell & Moring has been recommended in eight practice areas in the 17th edition of the Legal 500 United States. In addition, partner Daniel Forman, co-chair of the firm’s Government Contracts Group, has been named to the Legal 500’s “Hall of Fame” for Government Contracts.

...

Client Alerts 177 results

Client Alert | 4 min read | 06.10.25

Trump Administration Cyber Executive Order Revises Prior Administrations’ Requirements

On June 6, 2025 President Trump signed an Executive Order, Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144 (the “Trump Cyber EO”). The Trump Cyber EO rescinds and modifies select Biden administration guidance from EO 14144 covering several cybersecurity regimes, including digital identity verification, artificial intelligence, and secure software development practices, and it amends Obama administration guidance from EO 13694 authorizing sanctions on persons involved in malicious cyber activities. We have provided a summary of significant changes made by the Trump Cyber EO below.

...

Client Alert | 2 min read | 05.15.25

DoD Specifies Implementation Requirements for NIST 800-171 Cyber Standard

The Department of Defense (DoD) has released a memorandum establishing the DoD Organization-Defined Parameters (ODPs) for use in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision (Rev) 3. Currently, DoD’s cybersecurity regimes require government contractors to comply with NIST SP 800-171 Rev. 2. However, the release of this memorandum may indicate DoD’s intention to soon incorporate Rev. 3 into DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012) as well as the forthcoming Cybersecurity Maturity Model Certification (CMMC).

...

Client Alert | 2 min read | 03.31.25

Canadian CMMC? Canada Proposes Cyber Compliance Regime for Canadian Defense Suppliers

On March 12, 2025, the Government of Canada announced plans to launch the Canadian Program for Cyber Security Certification (CPCSC). CPCSC is a cybersecurity compliance verification program that aims to protect sensitive unclassified government information handled by Canadian government contractors and subcontractors within Canada’s defense sector. Canada will roll out CPCSC to contractors in four phases, with the first phase launching this month.

...

Press Coverage 49 results

Press Coverage | 02.01.24

Cybersecurity & Privacy Group Of The Year: Crowell & Moring

Law360

Press Coverage | 11.09.23

SEC/SolarWinds Legal Analysis w/Evan Wolff (podcast)

The Cyber Ranch Podcast

Press Coverage | 11.09.23

SolarWinds Says SEC Sucks: Watchdog 'Lacks Competence' To Regulate Cybersecurity

The Register

Publications 33 results

Publication | 01.28.25

Changes to Critical Infrastructure Requirements

In 2025, owners and operators of critical infrastructure will have new security and information sharing obligations to consider under the National Security Memorandum 22 (“NSM-22” or the “Memorandum”). NSM- 22 replaces the Obama-era Presidential Policy Directive 21: Critical Infrastructure Security and Resilience (PPD-21).

...

Publication | 01.28.25

Preparing for CMMC in 2025

After years of anticipation and a series of delays, implementation of the U.S. Department of Defense’s Cyber Maturity Model Certification Program (CMMC) is rapidly approaching. Though CMMC is not expected to enter into effect until early-to- mid 2025, DOD contactors can start taking steps now to ensure a smooth transition into this new regulatory era.

...

Publication | 05.14.24

Critical Infrastructure: Updating the 2013 NIPP and other Risk Mitigation Actions

Privacy and Cybersecurity Outlook: The 2024 Landscape

Protecting critical infrastructure is paramount to today’s digital age. Critical infrastructure includes physical and virtual systems essential for the functioning of our society, economy, and national security. Such a definition may include power grids, communication networks, and financial institutions, among other networks that heavily rely on interconnected computer systems. These systems are also considered critical infrastructure, as they are used to protect critical cybersecurity infrastructure.

...

Events 50 results

Event | 05.19.25 - 05.22.25

Law-Tech Connect and XPONENTIAL 2025

Join Crowell at Law-Tech Connect and AUVSI XPONENTIAL in Houston, where industry experts focus on how changes in technology, policy, safety, and society are shaping the uncrewed systems and robotics industry. Co-located at XPONENTIAL, Law-Tech Connect is designed to connect and inform all those involved in uncrewed and autonomous systems in a one-day session focused on the intersection between technology and legal issues.

Event | 04.10.25, 8:00 AM EDT - 1:00 PM EDT

Crowell's CMMC Day

You are invited to attend Crowell's CMMC Day, an in-person event dedicated to exploring the complexities of CMMC implementation and associated legal risks. This event will feature a series of insightful conversations with industry experts on topics such as prepping for assessments, risk management, and the government and private sector’s perspectives on CMMC.

Event | 11.19.24, 8:00 AM EST - 9:30 AM EST

CMMC Finalized: How to Prepare & Achieve Certification

Crowell is honored to host Ms. Stacy Bostjanick, the Defense Department’s CMMC Program Director, who will be joined live by Crowell attorneys Evan Wolff and Michael Gruden for an engaging fireside chat.

Webinars 28 results

Webinar | 06.05.25, 9:00 AM EDT - 10:00 AM EDT

Scattered Spider Cybersecurity Attacks

In this webinar, lawyers from the law firms Crowell & Moring and Allens, together with a leading technical expert from the cybersecurity firm Mandiant, will discuss the specific attributes of the "scattered spider" attacks and the steps you can take now to prepare for them both internally and throughout your supply chain.

Webinar | 01.27.25, 10:00 AM EST - 10:45 AM EST

Cyber For All: A FAR CUI Proposed Rule Webinar

The FAR Council recently released a proposed rule (the “FAR CUI Rule”) that would amend the FAR to implement federal government-wide Controlled Unclassified Information (CUI) cybersecurity, training, and incident reporting requirements for government contractors and subcontractors.

Webinar | 05.15.24, 1:00 PM EDT - 2:00 PM EDT

NIST SP 800-171 Transitions to Revision 3: What to Know

As the National Institute for Standards and Technology (NIST) prepares to release its highly anticipated Revision 3 to the security standard required by CMMC and current DoD contracts alike, join Crowell attorneys Evan Wolff and Michael Gruden in a robust discussion with one of the key architects of Revision 3, NIST’s own Senior Computer Scientist, Victoria Pillitteri.

Speaking Engagements 209 results

Speaking Engagement | 06.05.25, 10:03 AM EDT

"Scattered Spider Cybersecurity Attacks," Crowell & Moring Webinar.

Speaking Engagement | 05.19.25

"Future-Proofing for Over the Horizon Operational Challenges: Lessons Learned from Warfare," Law-Tech Connect and XPONENTIAL 2025

Speaking Engagement | 05.13.25

"Cybersecurity Compliance & Key Developments," OOPS 2025: Government Contractors Reacting and Adapting to the New Administration, Tyson's Corner, VA.

Blog Posts 17 results

Blog Post | 02.10.20

Energy Cybersecurity Act of 2019

Crowell & Moring's Data Law Insights

Blog Post | 08.20.19

Privacy & Cybersecurity – New York Enacts the SHIELD Act

Crowell & Moring's International Trade Law

Blog Post | 02.21.19

DoD Increases DCMA Cybersecurity Responsibilities: DCMA to Implement and Assess Company-Wide Cyber Compliance

Crowell & Moring's Government Contracts Legal Forum

Podcasts 19 results

Podcast | 02.15.22

Byte-Sized Q&A: What Should Contractors Know About the Cybersecurity Provisions Included In, and Left Out Of, the National Defense Authorization Act

Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this episode, Evan Wolff and Chris Hebdon discuss the notable cybersecurity provisions and omissions in the National Defense Authorization Act (NDAA) for Fiscal Year 2022.

...

Podcast | 01.19.22

Byte-Sized Q&A: What is CISA and Why is it Important to Government Contractors?

Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this episode of Byte Sized Q&A, Evan Wolff and Michael Gruden discuss the Cybersecurity Infrastructure Security Agency (CISA) and why it is important for contractors to take note of CISA’s actions.

...

Podcast | 12.03.21

Byte-Sized Q&A: What’s not in CMMC 2.0?

Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this episode, hosts Evan Wolff and Kate Growley talk through some key elements that are no longer expected under CMMC 2.0.

...