Insights

The Department of Defense (DOD)’s recent release of the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC) has shaken up cybersecurity requirements for companies looking do business with the Federal Government. These emerging requirements become increasingly arduous for startup companies in the technology space – albeit cloud computing, software or artificial intelligence.

The Department of Defense (DOD) has released the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC). CMMC is a unified assessment model released by the DoD in response to the growing threat of cyberattacks and data theft from its supply chain vendors. As proposed, this program requires every Federal contractor that handles DoD sensitive data to comply with certain cybersecurity controls. CMMC will bring greater scrutiny to contractors’ cybersecurity compliance and greater risks associated with failure to comply. To achieve certification, you’re required to prove that your organization can meet a myriad of security control obligations, a process that can be daunting if you’re not familiar with the policies, procedures, and practices that may be required when the program is finalized.

The Office of Management and Budget (OMB) released Memorandum M-22-18, implementing software supply chain security requirements for federal agencies, and in turn, for government contractors providing software to the government.

Join our Crowell & Moring practitioners as they discuss deadlines approaching this summer and the applicability of OMB’s self-attestation requirements. Crowell will also provide practical insights in implementing the new software security standard, NIST SP 800-218, Secure Software Development Framework, and about completing the Cybersecurity Infrastructure Security Agency’s (CISA) draft Self-Attestation Form.