Cybersecurity Maturity Model Matures: DoD Adds New Requirements to Draft Cybersecurity Certification
Client Alert | 1 min read | 09.10.19
The Defense Department has released Revision 0.4 of its Cybersecurity Maturity Model Certification (CMMC) that, starting next year, independent auditors are to use to certify contractor compliance with DoD cybersecurity requirements. Revision 0.4 more than doubles the number of cybersecurity controls across the CMMC’s five maturity “Levels.” But the DoD emphasizes that it will further down-select these controls and that mature contractor processes may counteract gaps in the final controls’ implementation. In addition to NIST SP 800-171 (the default standard under DFARS 252.204-7012), Revision 0.4 now incorporates requirements from the NIST Cybersecurity Framework, ISO 27001, and CIS Critical Security Controls, as well as from “additional DIB inputs.” Notably missing is NIST SP 800-171B, which remains under review.
The DoD is requesting feedback on Revision 0.4 through September 25, 2019, and plans on releasing Revision 0.6 for comment in November 2019. The final CMMC is expected in January 2020.
Contacts

Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 2 min read | 02.18.26
DHS Announces Virtual Town Halls on CIRCIA Final Rule
On February 13, 2026, the U.S. Department of Homeland Security (DHS) announced upcoming virtual town hall meetings scheduled for March 2026 regarding the implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). The meetings will allow industry stakeholders to provide input to DHS to refine the “scope and burden” of the forthcoming CIRCIA final rule.
Client Alert | 4 min read | 02.18.26
Federal Court Rules Some AI Chats Are Not Protected by Legal Privilege: What It Means For You
Client Alert | 6 min read | 02.18.26
The CeramTec Case, or How to (not) Navigate the Patent to Trademark Transition
Client Alert | 4 min read | 02.17.26
Texas Federal Court Hands Cyber Policyholders Major Win in Southwest Airlines Coverage Dispute

