Insights

Professional

Practice

Industry

Region

Firm News 3 results

Firm News | 10 min read | 01.09.23

Crowell & Moring Elects 16 New Partners, Promotes Five to Senior Counsel, and 25 to Counsel

Crowell & Moring elected 16 lawyers to the firm’s partnership, effective January 1, 2023. The firm also promoted five lawyers to the position of senior counsel and 25 associates to the position of counsel.

Firm News | 3 min read | 03.02.21

Crowell & Moring Achieves CMMC Registered Provider Organization Status

...

Firm News | 3 min read | 02.22.19

Law360 Names Crowell & Moring's Government Contracts Group a "Practice Group of the Year" for the Ninth Consecutive Year

Washington – February 22, 2019: Crowell & Moring LLP is pleased to announce that its Government Contracts Group has been recognized as one of Law360’s “Practice Groups of the Year” for government contracts. This is the ninth consecutive year that the group has earned this honor.

...

Client Alerts 72 results

Client Alert | 2 min read | 03.21.24

Software Developments: CISA Finalizes Attestation Form, Triggering Secure Software Development Implementation

On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) published an updated Secure Software Development Attestation Form, meaning that producers of software and providers of products containing software used by the federal government may be required to submit their attestations in the very near future. The Attestation Form, first published in April 2023, is a key cog in CISA’s implementation of software supply chain security requirements in accordance with Executive Order 14028, Improving the Nation’s Cybersecurity and OMB Memoranda M-22-18 and M-23-16.

...

Client Alert | 5 min read | 02.08.24

Who I(aa)S Your Foreign Customer? Department of Commerce Proposes Foreign Customer Identification Requirements For U.S. IaaS Providers

On January 29, 2024, the Department of Commerce released a proposed rule: Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities, which solicits comments regarding a proposed new set of regulations that would introduce significant new requirements for U.S.-based Infrastructure as a Service (IaaS) providers. The proposed rule implements requirements from the January 2021 Executive Order Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities and part of the October 2023 Executive Order Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. If Commerce implements the regulations as proposed, IaaS providers would be required to create a Customer Identification Program (CIP), ensure any foreign resellers maintain a CIP, track all customer identities, verify the identities of foreign customers, and report certain transactions implicating large AI models that could be used for malicious cyber-enabled activities. The Department is soliciting comments on all aspects of the proposed rule by April 29, 2024.

...

Client Alert | 2 min read | 01.09.24

No Longer Cloudy: DoD Issues New Guidance on FedRAMP Moderate Equivalency Cloud Security Requirements

The Department of Defense (DoD) recently published a memorandum clarifying what it means for a cloud service provider (CSP) to be Federal Risk and Authorization Management Program (FedRAMP) Moderate baseline “equivalent” and meet incident reporting requirements under Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012). The memorandum states, in order to be considered FedRAMP equivalent going forward, CSPs must (1) be FedRAMP Moderate/High-Authorized, or (2) secure a third-party assessment confirming their compliance with all FedRAMP Moderate baseline security controls.

...

Press Coverage 8 results

Press Coverage | 04.12.24

Demand Grows For Cyber Insurance In Wake Of Ransomware Attacks

Communications Daily

Press Coverage | 03.08.24

Big Shift Unlikely In DOD Cybersecurity Rule, Despite Worries

Law360

Press Coverage | 12.22.23

DoD Outlines Four-Phase Approach To Implement CMMC In Proposed Rule

Federal News Network

Publications 11 results

Publication | 01.15.24

What Sections 9 And 10 Of The Executive Order On AI Mean For Government Contractors

Federal News Network

Publication | January 2024

Solarwinds Whips Up a Software Cybersecurity Storm

Contract Management Magazine

Publication | 06.15.23

Spy Games: Biden Administration Issues Executive Order Restricting Federal Use Of Commercial Spyware

Government Contracting Law Report

Events 8 results

Event | 01.25.24, 5:00 PM PST - 7:30 PM PST

What Tech Start-Ups Need to Know in the Era of CMMC: Federal Government Contracting Perspectives

The Department of Defense (DOD)’s recent release of the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC) has shaken up cybersecurity requirements for companies looking do business with the Federal Government. These emerging requirements become increasingly arduous for startup companies in the technology space – albeit cloud computing, software or artificial intelligence.

Event | 11.30.23, 5:00 PM EST - 7:00 PM EST

Tenth Annual Legal Careers in Cybersecurity, Privacy, and Information Law

Co-sponsored by the ABA’s SciTech e-Privacy Committee; the ABA's Public Contract Law Section Cybersecurity Privacy and Emerging Technology Committee; Young Lawyer’s Division, Homeland Security Committee; and, Crowell & Moring, this event brings together law students and cyber, privacy, and information law professionals to discuss careers in this dynamic area.

Event | 11.13.23, 3:30 PM EST - 5:00 PM EST

Government Contracts and Cybersecurity Maturity Model Certification

Overview of Government Contracts and Cybersecurity requirements, as well as recent developments in key areas.

Webinars 16 results

Webinar | 05.15.24, 1:00 PM EDT - 2:00 PM EDT

NIST SP 800-171 Transitions to Revision 3: What to Know

As the National Institute for Standards and Technology (NIST) prepares to release its highly anticipated Revision 3 to the security standard required by CMMC and current DoD contracts alike, join Crowell attorneys Evan Wolff and Michael Gruden in a robust discussion with one of the key architects of Revision 3, NIST’s own Senior Computer Scientist, Victoria Pillitteri.

Webinar | 04.11.24, 12:30 PM EDT - 1:45 PM EDT

FCBA Cybersecurity Committee Lunch and Learn

Crowell & Moring Counsel Michael Gruden, a member of the firm's Privacy & Cybersecurity Group, will be speaking at the FCBA's Cybersecurity Committee Lunch and Learn, taking place on April 11, 2024. His panel, "The Evolving World of Cyber Insurance: Overview, Considerations and Future Trends," will take place at 12:30 PM EST.

Webinar | 02.14.24, 1:00 PM EST - 2:00 PM EST

CMMC 2.0: Legal, Assessor, and Threat Intelligence Perspectives

Members of Crowell’s Privacy & Cybersecurity practice and panelists from Coalfire and Mandiant will discuss the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC) issued by the Department of Defense (DOD) in December.

Speaking Engagements 42 results

Speaking Engagement | 04.17.24

"Cybersecurity Compliance & Key Developments," OOPS 2024: Government Contracts Weathering a Dynamic Forecast, Washington, D.C.

Speaking Engagement | 03.15.24

"Who is Going to Pay for This? - Cyber Cost Allowability and Pricing Strategies in a Post-CMMC World," CIC 2024 Conference

Speaking Engagement | 03.13.24

"About the False Claims Act…from a Service Provider's Perspective," CMMC Implementation Conference (CIC), San Diego, CA

Blog Posts 14 results

Blog Post | 07.16.20

Companies Protecting Trade Secrets Should Consider Role of NIST’s Enhanced Security Requirements

Crowell & Moring’s Trade Secrets Trends

Blog Post | 02.21.19

DoD Increases DCMA Cybersecurity Responsibilities: DCMA to Implement and Assess Company-Wide Cyber Compliance

Crowell & Moring's Government Contracts Legal Forum

Blog Post | 11.08.18

SEC Encourages Internal Accounting Controls to Guard Against Cyber Fraud

Crowell & Moring's Data Law Insights

Podcasts 6 results

Podcast | 01.04.24

Special Edition of the Fastest 5 Minutes: CMMC

This special edition covers DoD’s proposed rule for the Cybersecurity Maturity Model Certification Program, and is hosted by Peter Eyre, Michael Gruden, and Nkechi Kanu. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.

...

Podcast | 01.19.22

Byte-Sized Q&A: What is CISA and Why is it Important to Government Contractors?

Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this episode of Byte Sized Q&A, Evan Wolff and Michael Gruden discuss the Cybersecurity Infrastructure Security Agency (CISA) and why it is important for contractors to take note of CISA’s actions.

...

Podcast | 03.22.21

Byte-Sized Q&A: What is Covered Defense Information?

In this episode, hosts Evan Wolff and Kate Growley talk with Michael Gruden about what government contractors need to know about covered defense information or CDI. Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces.

...