Insights

Professional

Practice

Industry

Region

Firm News 3 results

Firm News | 10 min read | 01.09.23

Crowell & Moring Elects 16 New Partners, Promotes Five to Senior Counsel, and 25 to Counsel

Crowell & Moring elected 16 lawyers to the firm’s partnership, effective January 1, 2023. The firm also promoted five lawyers to the position of senior counsel and 25 associates to the position of counsel.

Firm News | 3 min read | 03.02.21

Crowell & Moring Achieves CMMC Registered Provider Organization Status

...

Firm News | 3 min read | 02.22.19

Law360 Names Crowell & Moring's Government Contracts Group a "Practice Group of the Year" for the Ninth Consecutive Year

Washington – February 22, 2019: Crowell & Moring LLP is pleased to announce that its Government Contracts Group has been recognized as one of Law360’s “Practice Groups of the Year” for government contracts. This is the ninth consecutive year that the group has earned this honor.

...

Client Alerts 74 results

Client Alert | 3 min read | 05.14.24

NIST Releases Final Version of NIST SP 800-171, Revision 3

On May 14, 2024, the National Institute of Standard and Technology (NIST) published the final versions of Special Publication (SP) 800-171 Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations and its companion assessment guide, NIST SP 800-171A, Revision 3 (collectively, “Rev. 3 Final Version”). While the Department of Defense (DoD) is not requiring contractors who handle Controlled Unclassified Information (CUI) to implement Rev. 3 for now, it is expected that DoD will eventually incorporate Rev. 3 into both DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012) as well as the forthcoming Cyber Maturity Model Certification (CMMC) program.

...

Client Alert | 1 min read | 05.03.24

“Miss Me with Rev. 3,” Says DoD: DoD Issues Class Deviation Linking DFARS 7012 to NIST SP 800-171, Rev. 2

On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012), specifying that contractors subject to the clause must comply with NIST SP 800-171, Revision 2. The deviation (labeled Deviation 2024-O0013) will delay the incorporation of NIST SP 800-171, Revision 3—which is set to be finalized in the next few weeks—into DFARS 7012.

...

Client Alert | 2 min read | 03.21.24

Software Developments: CISA Finalizes Attestation Form, Triggering Secure Software Development Implementation

On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) published an updated Secure Software Development Attestation Form, meaning that producers of software and providers of products containing software used by the federal government may be required to submit their attestations in the very near future. The Attestation Form, first published in April 2023, is a key cog in CISA’s implementation of software supply chain security requirements in accordance with Executive Order 14028, Improving the Nation’s Cybersecurity and OMB Memoranda M-22-18 and M-23-16.

...

Press Coverage 9 results

Press Coverage | 05.15.24

Flexibility In Info Security Policy May Add Compliance Burden

Law360

Press Coverage | 04.12.24

Demand Grows For Cyber Insurance In Wake Of Ransomware Attacks

Communications Daily

Press Coverage | 03.08.24

Big Shift Unlikely In DOD Cybersecurity Rule, Despite Worries

Law360

Publications 13 results

Publication | 05.14.24

Critical Infrastructure: Updating the 2013 NIPP and other Risk Mitigation Actions

Privacy and Cybersecurity Outlook: The 2024 Landscape

Protecting critical infrastructure is paramount to today’s digital age. Critical infrastructure includes physical and virtual systems essential for the functioning of our society, economy, and national security. Such a definition may include power grids, communication networks, and financial institutions, among other networks that heavily rely on interconnected computer systems. These systems are also considered critical infrastructure, as they are used to protect critical cybersecurity infrastructure.

...

Publication | 05.01.24

The Impact Of The Cybersecurity Maturity Model Certification On The Defense Industrial Base

Contract Magazine

Publication | 01.15.24

What Sections 9 And 10 Of The Executive Order On AI Mean For Government Contractors

Federal News Network

Events 9 results

Event | 07.23.24, 10:30 PM PDT - 12:00 PM PDT

NCMA World Congress 2024

Crowell & Moring's Jennie VonCannon, Evan Wolff, and Michael Gruden, members of the firm's Privacy & Cybersecurity and Government Contracts Groups, will be speaking at the NCMA World Congress, taking place on July 23, 2024, in Seattle, Washington. They will lead a skill-based session, "Making CMMC 2.0 Requirements Work for Your Organization," at 10:30 AM PST.

Event | 01.25.24, 5:00 PM PST - 7:30 PM PST

What Tech Start-Ups Need to Know in the Era of CMMC: Federal Government Contracting Perspectives

The Department of Defense (DOD)’s recent release of the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC) has shaken up cybersecurity requirements for companies looking do business with the Federal Government. These emerging requirements become increasingly arduous for startup companies in the technology space – albeit cloud computing, software or artificial intelligence.

Event | 11.30.23, 5:00 PM EST - 7:00 PM EST

Tenth Annual Legal Careers in Cybersecurity, Privacy, and Information Law

Co-sponsored by the ABA’s SciTech e-Privacy Committee; the ABA's Public Contract Law Section Cybersecurity Privacy and Emerging Technology Committee; Young Lawyer’s Division, Homeland Security Committee; and, Crowell & Moring, this event brings together law students and cyber, privacy, and information law professionals to discuss careers in this dynamic area.

Webinars 16 results

Webinar | 05.15.24, 1:00 PM EDT - 2:00 PM EDT

NIST SP 800-171 Transitions to Revision 3: What to Know

As the National Institute for Standards and Technology (NIST) prepares to release its highly anticipated Revision 3 to the security standard required by CMMC and current DoD contracts alike, join Crowell attorneys Evan Wolff and Michael Gruden in a robust discussion with one of the key architects of Revision 3, NIST’s own Senior Computer Scientist, Victoria Pillitteri.

Webinar | 04.11.24, 12:30 PM EDT - 1:45 PM EDT

FCBA Cybersecurity Committee Lunch and Learn

Crowell & Moring Counsel Michael Gruden, a member of the firm's Privacy & Cybersecurity Group, will be speaking at the FCBA's Cybersecurity Committee Lunch and Learn, taking place on April 11, 2024. His panel, "The Evolving World of Cyber Insurance: Overview, Considerations and Future Trends," will take place at 12:30 PM EST.

Webinar | 02.14.24, 1:00 PM EST - 2:00 PM EST

CMMC 2.0: Legal, Assessor, and Threat Intelligence Perspectives

Members of Crowell’s Privacy & Cybersecurity practice and panelists from Coalfire and Mandiant will discuss the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC) issued by the Department of Defense (DOD) in December.

Speaking Engagements 44 results

Speaking Engagement | 06.12.24

"Arresting Disaster: Driving Individual and Sector Wide Incident Response In An Age Of AI Threats," NRECA Co-op Cyber Tech Track: Current and Future State of Ransomware, Crystal City, VA

Speaking Engagement | 05.15.24

"NIST SP 800-171 Transitions to Revision 3: What to Know," Crowell & Moring Webinar, 2024.

Speaking Engagement | 04.17.24

"Cybersecurity Compliance & Key Developments," OOPS 2024: Government Contracts Weathering a Dynamic Forecast, Washington, D.C.

Blog Posts 14 results

Blog Post | 07.16.20

Companies Protecting Trade Secrets Should Consider Role of NIST’s Enhanced Security Requirements

Crowell & Moring’s Trade Secrets Trends

Blog Post | 02.21.19

DoD Increases DCMA Cybersecurity Responsibilities: DCMA to Implement and Assess Company-Wide Cyber Compliance

Crowell & Moring's Government Contracts Legal Forum

Blog Post | 11.08.18

SEC Encourages Internal Accounting Controls to Guard Against Cyber Fraud

Crowell & Moring's Data Law Insights

Podcasts 6 results

Podcast | 01.04.24

Special Edition of the Fastest 5 Minutes: CMMC

This special edition covers DoD’s proposed rule for the Cybersecurity Maturity Model Certification Program, and is hosted by Peter Eyre, Michael Gruden, and Nkechi Kanu. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.

...

Podcast | 01.19.22

Byte-Sized Q&A: What is CISA and Why is it Important to Government Contractors?

Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this episode of Byte Sized Q&A, Evan Wolff and Michael Gruden discuss the Cybersecurity Infrastructure Security Agency (CISA) and why it is important for contractors to take note of CISA’s actions.

...

Podcast | 03.22.21

Byte-Sized Q&A: What is Covered Defense Information?

In this episode, hosts Evan Wolff and Kate Growley talk with Michael Gruden about what government contractors need to know about covered defense information or CDI. Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces.

...