Insights

Professional

Practice

Industry

Region

Firm News 5 results

Firm News | 1 min read | 07.01.25

Crowell Represents Parsons Corporation in Strategic $89M Acquisition

Washington – July 1, 2025: A Crowell & Moring team represented Parsons Corporation in its $89 million acquisition of Chesapeake Technology International, a defense technology firm known for its advanced capabilities supporting all-domain operations and the Indo-Pacific Command.

...

Firm News | 9 min read | 01.02.25

Crowell & Moring Elects 12 New Partners, Promotes Four to Senior Counsel and 25 to Counsel

Crowell & Moring elected 12 new partners effective January 1, 2025. The firm also promoted four lawyers to the senior counsel and 25 associates to counsel.

Firm News | 9 min read | 01.09.23

Crowell & Moring Elects 16 New Partners, Promotes Five to Senior Counsel, and 25 to Counsel

Crowell & Moring elected 16 lawyers to the firm’s partnership, effective January 1, 2023. The firm also promoted five lawyers to the position of senior counsel and 25 associates to the position of counsel.

Client Alerts 94 results

Client Alert | 3 min read | 10.24.25

North Korean Threat Actors Target European Drone Makers

Researchers have identified a new wave of cybersecurity attacks against European drone makers by the Lazarus Group, a well-known and sophisticated threat actor group, allegedly sponsored by the North Korean government.

...

Client Alert | 5 min read | 10.06.25

From Yellow Jackets to Red Flags: DOJ Stings Georgia Tech for Alleged Cybersecurity Noncompliance

On September 30, 2025, the Department of Justice (DOJ) announced that Georgia Tech Research Corporation (GTRC) agreed to pay $875,000 to settle allegations that it violated the False Claims Act (FCA) and federal common law by failing to meet cybersecurity requirements under certain Air Force and Defense Advanced Research Projects Agency (DARPA) contracts. The settlement adds to the growing list of recoveries under DOJ’s Civil Cyber-Fraud Initiative and is yet another example of DOJ’s ongoing enforcement focus on cybersecurity obligations for federal contractors handling sensitive government information. The settlement also provides insight into how government contractors may challenge FCA liability when faced with allegations of cybersecurity noncompliance.

...

Client Alert | 7 min read | 09.10.25

Finally, the CMMC Final Rule: DoD Completes CMMC Rulemaking, Ushering in New Era in DoD Cybersecurity

On September 10, 2025, the Department of Defense (DoD) published a final rule (CMMC Clause Rule) that will apply its much-anticipated Cybersecurity Maturity Model Certification program (CMMC) to DoD contractors and subcontractors. Under the CMMC Clause Rule, starting on November 10, 2025, DoD can include CMMC requirements—potentially including third-party cybersecurity assessments—in contracts that require the handling of Controlled Unclassified Information (CUI) or Federal Contract Information (FCI).

...

Press Coverage 18 results

Press Coverage | 09.09.25

DOD's Cybersecurity Rule May Help Fend Off FCA Claims

Law360

Press Coverage | 07.31.25

CMMC accreditation body touts voluntary participation in assessments as final rulemaking gets closer to fruition

Inside Cybersecurity

Press Coverage | 07.31.25

CMMC Accreditation Body Touts Voluntary Participation In Assessments As Final Rulemaking Gets Closer To Fruition

InsideCybersecurity.com

Publications 17 results

Publication | 01.28.25

Changes to Critical Infrastructure Requirements

In 2025, owners and operators of critical infrastructure will have new security and information sharing obligations to consider under the National Security Memorandum 22 (“NSM-22” or the “Memorandum”). NSM- 22 replaces the Obama-era Presidential Policy Directive 21: Critical Infrastructure Security and Resilience (PPD-21).

...

Publication | 01.28.25

Preparing for CMMC in 2025

After years of anticipation and a series of delays, implementation of the U.S. Department of Defense’s Cyber Maturity Model Certification Program (CMMC) is rapidly approaching. Though CMMC is not expected to enter into effect until early-to- mid 2025, DOD contactors can start taking steps now to ensure a smooth transition into this new regulatory era.

...

Publication | 01.28.25

Will Higher Education Institutions Face Enhanced Cybersecurity Requirements?

U.S. colleges and universities watched closely this summer when the DOJ, in a novel move, scrutinized the cybersecurity compliance of a research lab at an academic institution.

...

Events 12 results

Event | 04.10.25, 8:00 AM EDT - 1:00 PM EDT

Crowell's CMMC Day

You are invited to attend Crowell's CMMC Day, an in-person event dedicated to exploring the complexities of CMMC implementation and associated legal risks. This event will feature a series of insightful conversations with industry experts on topics such as prepping for assessments, risk management, and the government and private sector’s perspectives on CMMC.

Event | 11.19.24, 8:00 AM EST - 9:30 AM EST

CMMC Finalized: How to Prepare & Achieve Certification

Crowell is honored to host Ms. Stacy Bostjanick, the Defense Department’s CMMC Program Director, who will be joined live by Crowell attorneys Evan Wolff and Michael Gruden for an engaging fireside chat.

Event | 09.12.24, 8:00 AM EDT - 12:30 PM EDT

Cybersecurity Symposium: The Cyberside Chat

Crowell & Moring Counsel Michael Gruden, a member of the firm's Privacy & Cybersecurity Group, will be speaking at the Cybersecurity Symposium: The Cyberside Chat, taking place on Thursday, September 12 in Washington, D.C. His panel, "The Black, White, and Grey of Cybersecurity Compliance," will be taking place at 11:35 AM ET.

Webinars 19 results

Webinar | 09.15.25, 12:00 PM EDT - 1:00 PM EDT

CMMC Clause Rule: What to Know

The Department of Defense (DoD) has released the highly anticipated second final rule for the Cybersecurity Maturity Model Certification Program (CMMC), ushering in its mandatory implementation that begins on November 10. CMMC is a unified assessment model released by the DoD in response to the growing threat of cyberattacks on and data theft from the Defense Industrial Base. This program requires every DoD contractor that handles sensitive government data to certify compliance with certain cybersecurity controls. CMMC brings greater scrutiny to contractors’ cybersecurity compliance and greater risks associated with compliance failures. To achieve certification, contractors must prove that their organizations can meet a myriad of security control obligations, a process that can be daunting without familiarity with the policies, procedures, and practices that will be required when the program is finalized.

...

Webinar | 05.20.25, 10:00 AM EDT - 12:00 PM EDT

SPX Technologies: AI in Legal and Cybersecurity for DoD Contractors

10:00 a.m. - 11:15 a.m. ET (1 hour 15 minutes)

...

Webinar | 01.27.25, 10:00 AM EST - 10:45 AM EST

Cyber For All: A FAR CUI Proposed Rule Webinar

The FAR Council recently released a proposed rule (the “FAR CUI Rule”) that would amend the FAR to implement federal government-wide Controlled Unclassified Information (CUI) cybersecurity, training, and incident reporting requirements for government contractors and subcontractors.

Speaking Engagements 60 results

Speaking Engagement | 10.23.25

"Information Risk Management and Security," Government Contracts 101 Seminar, Washington, D.C.

Speaking Engagement | 09.15.25

"CMMC Final Rule: What to Know," Crowell & Moring Webinar.

Speaking Engagement | 07.29.25

"CMMC July 2025 Town Hall," The Cyber AB

Blog Posts 18 results

Blog Post | 10.15.25

From Yellow Jackets to Red Flags: DOJ Stings Georgia Tech for Alleged Cybersecurity Noncompliance

Crowell & Moring’s Government Contracts Legal Forum

Blog Post | 09.19.25

Fastest 5 Minutes: CMMC

Crowell & Moring’s Government Contracts Legal Forum

Blog Post | 09.02.25

Hardening Software Security: DOJ’s Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity

Crowell & Moring’s Government Contracts Legal Forum

Podcasts 8 results

Podcast | 09.11.25

Fastest 5 Minutes: CMMC

This week’s episode covers DOD’s final rule applying the Cybersecurity Maturity Model Certification program (CMMC) to DoD contractors and subcontractors, and is hosted by Peter Eyre and Michael Gruden. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.

...

Podcast | 10.25.24

Special Edition of the Fastest 5 Minutes: CMMC

This week’s special edition focuses on DOD’s final rule formalizing the requirements, assessment processes, and related governance for its Cyber Maturity Model Certification Program (CMMC), and is hosted by Peter Eyre, Yuan Zhou, and Michael Gruden. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.

...

Podcast | 01.04.24

Special Edition of the Fastest 5 Minutes: CMMC

This special edition covers DoD’s proposed rule for the Cybersecurity Maturity Model Certification Program, and is hosted by Peter Eyre, Michael Gruden, and Nkechi Kanu. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.

...