Insights

Washington – February 22, 2019: Crowell & Moring LLP is pleased to announce that its Government Contracts Group has been recognized as one of Law360’s “Practice Groups of the Year” for government contracts. This is the ninth consecutive year that the group has earned this honor.

Washington, D.C. – January 9, 2015: Crowell & Moring LLP is pleased to announce that its Government Contracts Group has been named to Law360's "Practice Groups of the Year" listing for Government Contracts for the fifth straight year. For this listing, Law360 recognizes "firms that came through for their clients in 2014, sealing the big deals and winning the high-stakes suits."

On October 11, 2024, the Department of Defense (DoD) released a final rule (the “Final Program Rule”) formalizing the requirements, assessment processes, and related governance for its Cyber Maturity Model Certification Program (CMMC).[1] 

On August 15, 2024, the Department of Defense (“DoD”) released the long-awaited proposed rule (“August 2024 Proposed Rule”), updating Defense Federal Acquisition Regulation Supplement (“DFARS”) Clause 252.204-7021 (the “7021 Clause”), which, when final, will initiate the phased implementation of Cybersecurity Maturity Model Certification 2.0 (“CMMC”) requirements into DoD contracts.  The Clause will require every defense contractor that handles Federal Contract Information (“FCI”) or Controlled Unclassified Information (“CUI”) to assess and certify compliance with select CMMC security requirements.  The August 2024 Proposed Rule introduces several distinct changes to the 7021 Clause published by DoD in January 2023, including:

On July 25, 2024 the Office of Management and Budget (OMB) issued Memorandum M-24-15, Modernizing the Federal Risk Authorization Management Program (FedRAMP) (the Memo).  The Memo proposes substantial updates to FedRAMP, replacing the December 2011 memorandum (2011 Memo) that established FedRAMP as the government-wide security and risk assessments program for cloud services providers (CSPs) supporting federal government operations.

Crowell & Moring's Ounce of Prevention Seminar, hosted by the firm's Government Contracts Group, is featured in a BNA article discussing compliance measures for federal contractors. George Washington University law professor Steven Schooner, who spoke at the conference, discussed key compliance cases to highlight the importance of risk avoidance for contractors.

Washington, D.C.-based Government Contracts partner Evan Wolff and senior counsel Maida Lerner are featured in BNA after speaking at Crowell & Moring’s annual Ounce of Prevention Seminar. Wolff and Lerner highlight best practices that lawyers can recommend to mitigate cybersecurity risks, noting that the most important step is to prepare for an incident. Wolff and Lerner also advised that firms should clearly establish who is in charge of cyber issues and should advise clients to have well-established policies and procedures related to cybersecurity.

Protecting critical infrastructure is paramount to today’s digital age. Critical infrastructure includes physical and virtual systems essential for the functioning of our society, economy, and national security. Such a definition may include power grids, communication networks, and financial institutions, among other networks that heavily rely on interconnected computer systems. These systems are also considered critical infrastructure, as they are used to protect critical cybersecurity infrastructure.