Michael G. GrudenCIPP/G
Overview
Michael G. Gruden is a counsel in Crowell & Moring's Washington, D.C. office, where he is a member of the firm’s Government Contracts and Privacy and Cybersecurity groups. He possesses real-world experience in the areas of federal procurement and data security, having worked as a Contracting Officer at both the U.S. Department of Defense (DoD) and the U.S. Department of Homeland Security (DHS) in the Information Technology, Research & Development, and Security sectors for nearly 15 years. Michael is a Certified Information Privacy Professional with a U.S. government concentration (CIPP/G). He is also a Registered Practitioner under the Cybersecurity Maturity Model Certification (CMMC) framework. Michael serves as co-chair of the ABA Science & Technology Section's Homeland Security Committee. |
Career & Education
- Department of Defense
Branch Chief / Supervisory Contracting Officer, Washington Headquarters Services, Office of the Secretary of Defense, 2012 — 2017 - Department of Homeland Security
Contracting Officer, U.S. Immigration and Customs Enforcement, 2011 — 2012
Senior Contract Specialist, DHS Headquarters, 2005 — 2011
- Department of Defense
- Virginia Commonwealth University, B.A., Magna cum Laude With University Honors
- Georgetown University Law Center, J.D.
- District of Columbia
- New York
Michael's Insights
Client Alert | 2 min read | 03.21.24
On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) published an updated Secure Software Development Attestation Form, meaning that producers of software and providers of products containing software used by the federal government may be required to submit their attestations in the very near future. The Attestation Form, first published in April 2023, is a key cog in CISA’s implementation of software supply chain security requirements in accordance with Executive Order 14028, Improving the Nation’s Cybersecurity and OMB Memoranda M-22-18 and M-23-16.
Speaking Engagement | 03.13.24
Press Coverage | 03.08.24
Big Shift Unlikely In DOD Cybersecurity Rule, Despite Worries
Webinar | 02.14.24
CMMC 2.0: Legal, Assessor, and Threat Intelligence Perspectives
Representative Matters
Government Contracts
- Conducted internal investigations of government contractors, addressing a variety of issues relating to government contracts and regulations.
- Prepared clients for supply chain management audits and assessments including Contractor Purchasing System Reviews (CPSR).
- Assisted clients in suspension and debarment matters and drafted comprehensive responses to notices of proposed debarment.
- Represented government contractors in bid protests before the Government Accountability Office (GAO).
- Advised government contractors regarding organizational conflicts of interest and post-government employment restrictions.
Cybersecurity
- Engaged in longstanding partnerships with multiple defense contractors to devise compliance strategies for DFARS 252.204-7012, including routine gap assessments and subsequent remediation plans.
- Assisted major retailer with data breach notification reporting obligations and coordinated consumer and state notifications, as appropriate.
- Helped clients assess and comply with cyber incident reporting obligations under DFARS 252.204-7012.
- Conducted compliance assessments for clients and interpreted NIST SP 800-171 and NIST SP 800-53 regulatory requirements.
- Advised clients on cloud service provider requirements under DFARS 252.204-7012 and DFARS 252.239-7010.
- Counseled contractors regarding information security programs concentrating on Covered Defense Information (CDI), Controlled Unclassified Information (CUI), and Sensitive Security Information (SSI).
Michael's Insights
Client Alert | 2 min read | 03.21.24
On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) published an updated Secure Software Development Attestation Form, meaning that producers of software and providers of products containing software used by the federal government may be required to submit their attestations in the very near future. The Attestation Form, first published in April 2023, is a key cog in CISA’s implementation of software supply chain security requirements in accordance with Executive Order 14028, Improving the Nation’s Cybersecurity and OMB Memoranda M-22-18 and M-23-16.
Speaking Engagement | 03.13.24
Press Coverage | 03.08.24
Big Shift Unlikely In DOD Cybersecurity Rule, Despite Worries
Webinar | 02.14.24
CMMC 2.0: Legal, Assessor, and Threat Intelligence Perspectives
Michael's Insights
Client Alert | 2 min read | 03.21.24
On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) published an updated Secure Software Development Attestation Form, meaning that producers of software and providers of products containing software used by the federal government may be required to submit their attestations in the very near future. The Attestation Form, first published in April 2023, is a key cog in CISA’s implementation of software supply chain security requirements in accordance with Executive Order 14028, Improving the Nation’s Cybersecurity and OMB Memoranda M-22-18 and M-23-16.
Speaking Engagement | 03.13.24
Press Coverage | 03.08.24
Big Shift Unlikely In DOD Cybersecurity Rule, Despite Worries
Webinar | 02.14.24
CMMC 2.0: Legal, Assessor, and Threat Intelligence Perspectives