Insights

Professional
Practice
Industry
Region
Trending Topics
Location
Type

Sort by:

Firm News 5 results

Firm News | 1 min read | 07.01.25

Crowell Represents Parsons Corporation in Strategic $89M Acquisition

Washington – July 1, 2025: A Crowell & Moring team represented Parsons Corporation in its $89 million acquisition of Chesapeake Technology International, a defense technology firm known for its advanced capabilities supporting all-domain operations and the Indo-Pacific Command.
...

Firm News | 9 min read | 01.02.25

Crowell & Moring Elects 12 New Partners, Promotes Four to Senior Counsel and 25 to Counsel

Crowell & Moring elected 12 new partners effective January 1, 2025. The firm also promoted four lawyers to the senior counsel and 25 associates to counsel.

Firm News | 9 min read | 01.09.23

Crowell & Moring Elects 16 New Partners, Promotes Five to Senior Counsel, and 25 to Counsel

Crowell & Moring elected 16 lawyers to the firm’s partnership, effective January 1, 2023. The firm also promoted five lawyers to the position of senior counsel and 25 associates to the position of counsel.

Client Alerts 92 results

Client Alert | 7 min read | 09.10.25

Finally, the CMMC Final Rule: DoD Completes CMMC Rulemaking, Ushering in New Era in DoD Cybersecurity

On September 10, 2025, the Department of Defense (DoD) published a final rule (CMMC Clause Rule) that will apply its much-anticipated Cybersecurity Maturity Model Certification program (CMMC) to DoD contractors and subcontractors. Under the CMMC Clause Rule, starting on November 10, 2025, DoD can include CMMC requirements—potentially including third-party cybersecurity assessments—in contracts that require the handling of Controlled Unclassified Information (CUI) or Federal Contract Information (FCI).
...

Client Alert | 3 min read | 08.26.25

Hardening Software Security: DOJ’s Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity

On July 31, 2025, the Department of Justice (DOJ) announced that Illumina, Inc. will pay $9.8 million to resolve allegations that it violated the False Claims Act (FCA) by selling genomic sequencing systems with software containing cybersecurity vulnerabilities to federal agencies. This is the first FCA settlement involving claims that a medical manufacturer failed to incorporate adequate product cybersecurity into its software design and development.The allegations were first made in United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), a qui tam action filed by Illumina’s former Director for Platform Management, On-Market Portfolio in September 2023. The relator alleged that, between February 2016 and September 2023, Illumina knowingly sold genomic sequencing systems to government agencies without adequate security programs or quality systems to identify and address software vulnerabilities. The complaint further alleged that Illumina failed to properly resource personnel and processes responsible for product security, did not remediate design features introducing cybersecurity risks, and misrepresented the software’s adherence to required cybersecurity standards.According to the government, Illumina’s actions included:
...

Client Alert | 16 min read | 07.25.25

White House AI Action Plan Seeks to Establish “Dominance,” Boost Innovation, and Scrutinize Regulations

On July 23, 2025, the White House released Winning the Race: America’s AI Action Plan (“the Plan”) the Trump Administration’s most significant policy statement on artificial intelligence to date.
...

Press Coverage 18 results

Publications 17 results

Publication | 01.28.25

Changes to Critical Infrastructure Requirements

In 2025, owners and operators of critical infrastructure will have new security and information sharing obligations to consider under the National Security Memorandum 22 (“NSM-22” or the “Memorandum”). NSM- 22 replaces the Obama-era Presidential Policy Directive 21: Critical Infrastructure Security and Resilience (PPD-21).
...

Publication | 01.28.25

Preparing for CMMC in 2025

After years of anticipation and a series of delays, implementation of the U.S. Department of Defense’s Cyber Maturity Model Certification Program (CMMC) is rapidly approaching. Though CMMC is not expected to enter into effect until early-to- mid 2025, DOD contactors can start taking steps now to ensure a smooth transition into this new regulatory era.
...

Publication | 01.28.25

Will Higher Education Institutions Face Enhanced Cybersecurity Requirements?

U.S. colleges and universities watched closely this summer when the DOJ, in a novel move, scrutinized the cybersecurity compliance of a research lab at an academic institution.
...

Events 12 results

Event | 04.10.25, 8:00 AM EDT - 1:00 PM EDT

Crowell's CMMC Day

You are invited to attend Crowell's CMMC Day, an in-person event dedicated to exploring the complexities of CMMC implementation and associated legal risks. This event will feature a series of insightful conversations with industry experts on topics such as prepping for assessments, risk management, and the government and private sector’s perspectives on CMMC. 

Event | 11.19.24, 8:00 AM EST - 9:30 AM EST

CMMC Finalized: How to Prepare & Achieve Certification

Crowell is honored to host Ms. Stacy Bostjanick, the Defense Department’s CMMC Program Director, who will be joined live by Crowell attorneys Evan Wolff and Michael Gruden for an engaging fireside chat.

Event | 09.12.24, 8:00 AM EDT - 12:30 PM EDT

Cybersecurity Symposium: The Cyberside Chat

Crowell & Moring Counsel Michael Gruden, a member of the firm's Privacy & Cybersecurity Group, will be speaking at the Cybersecurity Symposium: The Cyberside Chat, taking place on Thursday, September 12 in Washington, D.C. His panel, "The Black, White, and Grey of Cybersecurity Compliance," will be taking place at 11:35 AM ET.

Webinars 19 results

Webinar | 09.15.25, 12:00 PM EDT - 1:00 PM EDT

CMMC Clause Rule: What to Know

The Department of Defense (DoD) has released the highly anticipated second final rule for the Cybersecurity Maturity Model Certification Program (CMMC), ushering in its mandatory implementation that begins on November 10. CMMC is a unified assessment model released by the DoD in response to the growing threat of cyberattacks on and data theft from the Defense Industrial Base.  This program requires every DoD contractor that handles sensitive government data to certify compliance with certain cybersecurity controls.  CMMC brings greater scrutiny to contractors’ cybersecurity compliance and greater risks associated with compliance failures. To achieve certification, contractors must prove that their organizations can meet a myriad of security control obligations, a process that can be daunting without familiarity with the policies, procedures, and practices that will be required when the program is finalized.
...

Webinar | 05.20.25, 10:00 AM EDT - 12:00 PM EDT

SPX Technologies: AI in Legal and Cybersecurity for DoD Contractors

10:00 a.m. - 11:15 a.m. ET (1 hour 15 minutes)
...

Webinar | 01.27.25, 10:00 AM EST - 10:45 AM EST

Cyber For All: A FAR CUI Proposed Rule Webinar

The FAR Council recently released a proposed rule (the “FAR CUI Rule”) that would amend the FAR to implement federal government-wide Controlled Unclassified Information (CUI) cybersecurity, training, and incident reporting requirements for government contractors and subcontractors.  

Speaking Engagements 59 results

Speaking Engagement | 07.29.25

"CMMC July 2025 Town Hall," The Cyber AB

Blog Posts 16 results

Blog Post | 08.01.25

White House AI Action Plan Seeks to Establish “Dominance,” Boost Innovation, and Scrutinize Regulations

Crowell & Moring’s Government Contracts Legal Forum 

Podcasts 8 results

Podcast | 09.11.25

Fastest 5 Minutes: CMMC

This week’s episode covers DOD’s final rule applying the Cybersecurity Maturity Model Certification program (CMMC) to DoD contractors and subcontractors, and is hosted by Peter Eyre and Michael Gruden. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.
...

Podcast | 10.25.24

Special Edition of the Fastest 5 Minutes: CMMC

This week’s special edition focuses on DOD’s final rule formalizing the requirements, assessment processes, and related governance for its Cyber Maturity Model Certification Program (CMMC), and is hosted by Peter Eyre, Yuan Zhou, and Michael Gruden. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.
...

Podcast | 01.04.24

Special Edition of the Fastest 5 Minutes: CMMC

This special edition covers DoD’s proposed rule for the Cybersecurity Maturity Model Certification Program, and is hosted by Peter Eyre, Michael Gruden, and Nkechi Kanu. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.
...