Jessica R. Chao

Overview

Jessica advises clients on a wide range of internal and government-facing investigations, with a specialized focus on navigating the challenges arising at the intersection of government contracts and cybersecurity. She also supports clients with general compliance in government contract transactions, developing corporate policies, procedures, and governance, and conducting cybersecurity compliance reviews. Her practice also includes assisting clients with due diligence in transactions.

Jessica’s experience prior to joining the firm includes clerking for the Honorable Lino S. Lipinsky de Orlov at the Colorado Court of Appeals and working as a legal extern for a leading global government contractor during law school, where she concentrated on procurement contract review and diligence.

Jessica is actively involved in community service as a board member and Community Outreach Committee co-chair for the Colorado Asian Pacific American Bar Association.

Career & Education

University of Denver Sturm College of Law, J.D., Corporate and Commercial Law Certificate and Workplace Law Certificate
Pepperdine University, B.A., cum laude
- University of Denver Sturm College of Law, J.D., Corporate and Commercial Law Certificate and Workplace Law Certificate
- Pepperdine University, B.A., cum laude
Colorado
- Colorado
Appellate Judicial Clerk to the Honorable Lino S. Lipinsky de Orlov, Colorado Court of Appeals
- Appellate Judicial Clerk to the Honorable Lino S. Lipinsky de Orlov, Colorado Court of Appeals
Colorado Bar Association

American Bar Association

Young Lawyers Division

Public Contract Law

Colorado Asian Pacific American Bar Association

Board of Directors

Co-chair, Community Outreach Committee

Member, Mentorship Committee
- Colorado Bar Association
- American Bar Association
  
  Young Lawyers Division
  
  Public Contract Law
- Colorado Asian Pacific American Bar Association
  
  Board of Directors
  
  Co-chair, Community Outreach Committee
  
  Member, Mentorship Committee
Korean
- Korean

Jessica's Insights

Client Alert | 4 min read | 04.14.26

FedRAMP Solicits Public Comment on Overhaul to Incident Communications Procedures

The Federal Risk and Authorization Management Program (FedRAMP) continues to advance its modernization agenda. On April 8, 2026, FedRAMP released RFC-0031, Updated Incident Communications Procedures for public comment. This RFC proposes replacing the current FedRAMP Incident Communications Procedures (ICP) with what FedRAMP calls “a clear set of reporting requirements … established using a modern rules-based format.” ...

Blog Post | 01.26.26
FedRAMP Proposes Updates to Authorization Process—Six New RFCs Released for Public Comment
Blog Post | 01.22.26
FedRAMP Proposes Updates to Authorization Process—Six New RFCs Released for Public Comment
Client Alert | 3 min read | 01.21.26
FedRAMP Proposes Updates to Authorization Process—Six New RFCs Released for Public Comment

View All Insights

Insights

Client Alert | 4 min read | 04.14.26

FedRAMP Solicits Public Comment on Overhaul to Incident Communications Procedures

Blog Post | 01.26.26

FedRAMP Proposes Updates to Authorization Process—Six New RFCs Released for Public Comment

Blog Post | 01.22.26

FedRAMP Proposes Updates to Authorization Process—Six New RFCs Released for Public Comment

Client Alert | 3 min read | 01.21.26

FedRAMP Proposes Updates to Authorization Process—Six New RFCs Released for Public Comment

Uncharted Waters Ahead For FCA Litigation In 2024
|
01.17.24
Law360
FedRAMP Solicits Public Comment on Overhaul to Incident Communications Procedures
|
04.14.26
FedRAMP Proposes Updates to Authorization Process—Six New RFCs Released for Public Comment
|
01.21.26
An ITAR-ly Critical Reminder of Cybersecurity Requirements: DOJ Settles with Swiss Automation, Inc.
|
12.23.25
From Yellow Jackets to Red Flags: DOJ Stings Georgia Tech for Alleged Cybersecurity Noncompliance
|
10.06.25
Finally, the CMMC Final Rule: DoD Completes CMMC Rulemaking, Ushering in New Era in DoD Cybersecurity
|
09.10.25
Hardening Software Security: DOJ’s Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity
|
08.26.25
For Better or MORSE: Another Settlement Under DOJ’s Civil Cyber-Fraud Initiative
|
04.01.25
Canadian CMMC? Canada Proposes Cyber Compliance Regime for Canadian Defense Suppliers
|
03.31.25
An Un[waiver]ing Commitment to CMMC: The Department of Defense Issues Guidance for Determining Assessment Levels
|
02.21.25
Allegations of a Litany of Lyin’: Penn State Settles Claims of Cybersecurity Noncompliance
|
11.11.24
View All Client Alerts
"Information Risk Management and Security," Government Contracts 101 Seminar, Washington, D.C.
|
10.23.25
"Information Risk Management and Security," 3rd Annual Midwest Government Contracts Seminar, Chicago, IL.
|
09.17.25
"CMMC Final Rule: What to Know," Crowell & Moring Webinar
|
09.15.25
"Cybersecurity Compliance & Key Developments," OOPS 2025: Government Contractors Reacting and Adapting to the New Administration, Tyson's Corner, VA.
|
05.13.25
"Civil Cyber-Fraud Enforcement: The Latest Developments and Risk-Mitigation Strategies," Crowell & Moring Webinar
|
02.19.25
"Cybersecurity and Government Contracts," 2nd Annual Midwest Government Contracts Seminar, Chicago, IL.
|
10.29.24
"Doing Business with the U.S. Government," Denver Government Contracts Seminar, Denver, CO, 2024.
|
05.08.24
Crowell & Moring Elects 15 New Partners, Promotes One to Senior Counsel and 26 to Counsel
|
01.09.26
FedRAMP Proposes Updates to Authorization Process—Six New RFCs Released for Public Comment
|
01.26.26
Crowell & Moring’s Government Contracts Legal Forum
FedRAMP Proposes Updates to Authorization Process—Six New RFCs Released for Public Comment
|
01.22.26
Crowell & Moring’s Government Contracts Legal Forum
An ITAR-ly Critical Reminder of Cybersecurity Requirements: DOJ Settles with Swiss Automation, Inc.
|
12.29.25
Crowell & Moring’s Government Contracts Legal Forum

View All Insights

Practices

Jessica's Insights

Client Alert | 4 min read | 04.14.26

FedRAMP Solicits Public Comment on Overhaul to Incident Communications Procedures

The Federal Risk and Authorization Management Program (FedRAMP) continues to advance its modernization agenda. On April 8, 2026, FedRAMP released RFC-0031, Updated Incident Communications Procedures for public comment. This RFC proposes replacing the current FedRAMP Incident Communications Procedures (ICP) with what FedRAMP calls “a clear set of reporting requirements … established using a modern rules-based format.” ...

Blog Post | 01.26.26
FedRAMP Proposes Updates to Authorization Process—Six New RFCs Released for Public Comment
Blog Post | 01.22.26
FedRAMP Proposes Updates to Authorization Process—Six New RFCs Released for Public Comment
Client Alert | 3 min read | 01.21.26
FedRAMP Proposes Updates to Authorization Process—Six New RFCs Released for Public Comment

View All Insights

Jessica R. Chao

Overview

Overview

Career & Education

Education

Admissions

Clerkships

Affiliations

Languages

Jessica's Insights

Insights

Publications

Client Alerts

Speaking Engagements

Firm News

Blog Posts

Practices

Jessica's Insights