Insights

Washington – February 22, 2019: Crowell & Moring LLP is pleased to announce that its Government Contracts Group has been recognized as one of Law360’s “Practice Groups of the Year” for government contracts. This is the ninth consecutive year that the group has earned this honor.

Washington, D.C. – January 9, 2015: Crowell & Moring LLP is pleased to announce that its Government Contracts Group has been named to Law360's "Practice Groups of the Year" listing for Government Contracts for the fifth straight year. For this listing, Law360 recognizes "firms that came through for their clients in 2014, sealing the big deals and winning the high-stakes suits."

On May 14, 2024, the National Institute of Standard and Technology (NIST) published the final versions of Special Publication (SP) 800-171 Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations and its companion assessment guide, NIST SP 800-171A, Revision 3 (collectively, “Rev. 3 Final Version”).  While the Department of Defense (DoD) is not requiring contractors who handle Controlled Unclassified Information (CUI) to implement Rev. 3 for now, it is expected that DoD will eventually incorporate Rev. 3 into both DFARS 252.204-7012,  Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012) as well as the forthcoming Cyber Maturity Model Certification (CMMC) program. 

On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012,  Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012), specifying that contractors subject to the clause must comply with NIST SP 800-171, Revision 2.  The deviation (labeled Deviation 2024-O0013) will delay the incorporation of NIST SP 800-171, Revision 3—which is set to be finalized in the next few weeks—into DFARS 7012.

On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) published an updated Secure Software Development Attestation Form, meaning that producers of software and providers of products containing software used by the federal government may be required to submit their attestations in the very near future. The Attestation Form, first published in April 2023, is a key cog in CISA’s implementation of software supply chain security requirements in accordance with Executive Order 14028, Improving the Nation’s Cybersecurity and OMB Memoranda M-22-18 and M-23-16.

Crowell & Moring's Ounce of Prevention Seminar, hosted by the firm's Government Contracts Group, is featured in a BNA article discussing compliance measures for federal contractors. George Washington University law professor Steven Schooner, who spoke at the conference, discussed key compliance cases to highlight the importance of risk avoidance for contractors.

Washington, D.C.-based Government Contracts partner Evan Wolff and senior counsel Maida Lerner are featured in BNA after speaking at Crowell & Moring’s annual Ounce of Prevention Seminar. Wolff and Lerner highlight best practices that lawyers can recommend to mitigate cybersecurity risks, noting that the most important step is to prepare for an incident. Wolff and Lerner also advised that firms should clearly establish who is in charge of cyber issues and should advise clients to have well-established policies and procedures related to cybersecurity.

Protecting critical infrastructure is paramount to today’s digital age. Critical infrastructure includes physical and virtual systems essential for the functioning of our society, economy, and national security. Such a definition may include power grids, communication networks, and financial institutions, among other networks that heavily rely on interconnected computer systems. These systems are also considered critical infrastructure, as they are used to protect critical cybersecurity infrastructure.