Maida Oringher Lerner

Overview

The evolving legal fields of cybersecurity, privacy, and homeland security demand that lawyers be able to provide practical and creative advice to clients on new and complex regulatory requirements and government standards to protect sensitive and proprietary information. Prior to moving to private practice, Maida Lerner served in the Office of General Counsel for a major electric utility company and understands how to work in partnership with corporate counsel in responding efficiently to these new obligations. Maida also understands regulatory and litigation risks. She has participated in significant federal regulatory rulemakings and has represented clients in numerous proceedings before federal and state appellate courts and administrative agencies.

Maida is senior counsel in Crowell & Moring’s Washington, D.C., office and part of the firm’s Cybersecurity and Privacy and Government Contracts groups. She advises a broad group of clients in a variety of sectors — including federal contractors, trade associations, and companies in the government contracts, pipeline, transportation, health care, and manufacturing sectors — in the areas of cybersecurity and privacy compliance.

As part of an enterprisewide compliance approach to evolving and complex security risks and standards, Maida helps clients mitigate the risk of cyber incidents through practicing responses to cyber and physical security incident simulations and developing incident response and insider threat plans and programs. She also knows how to work closely with technical consultants on behalf of companies to conduct privileged vulnerability assessments and mitigation plans. Maida regularly advises clients on developing legally compliant and efficient responses to data breaches and internal investigations and coordinates with technical experts after intrusions to conduct privileged forensic investigations. Her homeland security practice has a particular emphasis on critical infrastructure, chemical security, the SAFETY Act, and corporate compliance.

Maida also counsels clients on state data privacy laws. She has helped clients in a broad range of sectors stand up new and assess existing privacy programs, develop privacy policies and procedures, and comply with notification obligations in the event of a data breach.

Maida is active in pro bono matters, with a focus on child custody issues.

Career & Education

|

State University of New York at Albany, B.A., summa cum laude
Boston University School of Law, J.D.
- State University of New York at Albany, B.A., summa cum laude
- Boston University School of Law, J.D.
District of Columbia
New York
Supreme Court of the United States
Numerous Federal Appellate and District Courts Nationwide
- District of Columbia
- New York
- Supreme Court of the United States
- Numerous Federal Appellate and District Courts Nationwide

Maida's Insights

Client Alert | 8 min read | 10.14.24

Cybersecurity Matured: DoD Finalizes Cybersecurity Maturity Model Certification (CMMC) Program

On October 11, 2024, the Department of Defense (DoD) released a final rule (the “Final Program Rule”) formalizing the requirements, assessment processes, and related governance for its Cyber Maturity Model Certification Program (CMMC).[1] ...

Client Alert | 2 min read | 08.20.24
DFARS 7021 Clause 2.0: DoD Releases Proposed Rule Updating CMMC Clause
Client Alert | 6 min read | 07.30.24
FedRAMP Revamp: OMB Publishes Memorandum Contemplating Sweeping Changes to Federal Government Cloud Procurement Security Standards and Strategy
Publication | 05.14.24
Critical Infrastructure: Updating the 2013 NIPP and other Risk Mitigation Actions

View All Insights

Representative Matters

Advised government contractors and owners and operators of U.S. critical infrastructure on privileged cybersecurity, privacy and physical security risk assessments and compliance reviews.
Advised clients in all U.S. critical infrastructure sectors on the development of cybersecurity and physical security policies, including incident response plans, insider threat programs, and governance frameworks.
Facilitated simulated security incident exercises and developed training programs for owners and operators of U.S. critical infrastructure in all sectors to test response plans, in coordination with technical consultants under privilege.
Advised clients in all U.S. critical infrastructure sectors on the development of enterprise-wide and global privacy policies, including privacy notices, user agreements and assessment of incident notification obligations.
Represented a transportation sector trade association in securing competitive federal funding for a state-of-the-art cyber threat information-sharing network.
Advised clients in a multitude of sectors, including energy, transportation, health and education, on chemical security regulation compliance, including the Chemical Facility Anti-Terrorism Standards (CFATS).
Advised clients and represented a company on successful resolution of applications under the Support Anti-Terrorism by Fostering Effective Technologies (SAFETY) Act.
Advised corporations on compliance issues arising under federal and state Clean Air Acts and asbestos abatement issues.
Participated in major rulemakings arising under the federal Clean Air Act.
Advised companies on internal environmental audits.
Represented members of the utility industry in successful resolution of appellate litigation.

Maida's Insights

Client Alert | 8 min read | 10.14.24

Cybersecurity Matured: DoD Finalizes Cybersecurity Maturity Model Certification (CMMC) Program

On October 11, 2024, the Department of Defense (DoD) released a final rule (the “Final Program Rule”) formalizing the requirements, assessment processes, and related governance for its Cyber Maturity Model Certification Program (CMMC).[1] ...

Client Alert | 2 min read | 08.20.24
DFARS 7021 Clause 2.0: DoD Releases Proposed Rule Updating CMMC Clause
Client Alert | 6 min read | 07.30.24
FedRAMP Revamp: OMB Publishes Memorandum Contemplating Sweeping Changes to Federal Government Cloud Procurement Security Standards and Strategy
Publication | 05.14.24
Critical Infrastructure: Updating the 2013 NIPP and other Risk Mitigation Actions

View All Insights

Insights

Client Alert | 8 min read | 10.14.24

Cybersecurity Matured: DoD Finalizes Cybersecurity Maturity Model Certification (CMMC) Program

Client Alert | 2 min read | 08.20.24

DFARS 7021 Clause 2.0: DoD Releases Proposed Rule Updating CMMC Clause

Client Alert | 6 min read | 07.30.24

FedRAMP Revamp: OMB Publishes Memorandum Contemplating Sweeping Changes to Federal Government Cloud Procurement Security Standards and Strategy

Publication | 05.14.24

Critical Infrastructure: Updating the 2013 NIPP and other Risk Mitigation Actions

|

Critical Infrastructure: Updating the 2013 NIPP and other Risk Mitigation Actions
|
05.14.24
Privacy and Cybersecurity Outlook: The 2024 Landscape
The Impact Of The Cybersecurity Maturity Model Certification On The Defense Industrial Base
|
05.01.24
Contract Magazine
Solarwinds Whips Up a Software Cybersecurity Storm
|
January 2024
Contract Management Magazine
The Road To CMMC: Where We Started And Where We Are Headed
|
03.30.23
Westlaw Today, Reuters
Cybersecurity Provisions Proliferate In The National Defense Authorization Act
|
03.15.22
Government Contracting Law Report
How To Comply With New Multiline Telephone System Rules
|
02.09.22
Law360
A New Flightpath For Cybersecurity
|
09.08.21
ACC Docket
Navigating The SolarWinds Supply Chain Attack
|
03.25.21
The Procurement Lawyer
Florida Water Cyberattack Shows Need For National Defense Response
|
02.23.21
Bloomberg Law
Cleared Contractors Under the Gun as Insider Threat Program Deadline Approaches
|
11.11.16
Bloomberg BNA Insights
Cybersecurity Matured: DoD Finalizes Cybersecurity Maturity Model Certification (CMMC) Program
|
10.14.24
DFARS 7021 Clause 2.0: DoD Releases Proposed Rule Updating CMMC Clause
|
08.20.24
FedRAMP Revamp: OMB Publishes Memorandum Contemplating Sweeping Changes to Federal Government Cloud Procurement Security Standards and Strategy
|
07.30.24
NIST Releases Final Version of NIST SP 800-171, Revision 3
|
05.14.24
“Miss Me with Rev. 3,” Says DoD: DoD Issues Class Deviation Linking DFARS 7012 to NIST SP 800-171, Rev. 2
|
05.03.24
Software Developments: CISA Finalizes Attestation Form, Triggering Secure Software Development Implementation
|
03.21.24
DoD’s New Year Resolution: A Cybersecurity Maturity Model Certification Program (CMMC) Proposed Rule
|
12.27.23
The Holidays Come Early: NIST Unwraps Final Draft Revision 3 to NIST SP 800-171
|
11.14.23
California Privacy Rights Act Enforcement Delayed
|
07.06.23
Homeland Cybersecurity: DHS Overhauls Its CUI Program, Releases New Contract Clauses
|
06.21.23
"Cybersecurity Table Top for a Congressional Cyber Security Lab Program," Wilson Center, Washington, D.C.
|
06.10.16
"Cybersecurity Risk Management: The View from Washington and Beyond," OOPS 2015, Crowell & Moring's 31st Annual Ounce of Prevention Seminar, Washington, D.C.
|
05.05.15
Government Contracts Group of the Year: Crowell & Moring
|
01.06.16
Law360
Expert Tells Federal Contractors to Play It Safe, Invest in Compliance
|
05.12.15
Bloomberg BNA
Lawyers Can Recommend Best Practices to Mitigate Cyber Risks, Attorneys Advise
|
05.12.15
BNA
Law360 Names Crowell & Moring's Government Contracts Group a "Practice Group of the Year" for the Ninth Consecutive Year
|
02.22.19
Crowell & Moring's Government Contracts Group Named to Law360's "Practice Groups of the Year" for Fifth Consecutive Year
|
01.09.15
Energy Cybersecurity Act of 2019
|
02.10.20
Crowell & Moring's Data Law Insights
Safety Act Liability Protections Will Be Tested
|
07.25.18
Crowell & Moring's Data Law Insights
Colorado’s New Data Privacy Bill Increases Notification and Safeguarding Requirements
|
07.17.18
Crowell & Moring's Data Law Insights
New Draft NIST Guidance on Systems Security Engineering
|
04.24.18
Crowell & Moring's Government Contracts Legal Forum
U.K. Announces Fines Up To $24M For Cyber Noncompliance
|
01.31.18
Crowell & Moring's Data Law Insights
FERC Proposes to Require Expanded Cyber Security Incident Reporting
|
01.17.18
Crowell & Moring's Data Law Insights
Court Allows Data Breach Claims Against Kimpton
|
04.20.17
Crowell & Moring's Data Law Insights
New OCR Settlement Targets Safety Net Provider on Security Rule Deficiencies
|
04.14.17
Crowell & Moring's Data Law Insights
Home Depot Settles Major Data Breach Suit with Financial Institutions for $25 Million
|
03.10.17
Crowell & Moring's Data Law Insights
Privacy & Cybersecurity Weekly News Update – Week of July 31
|
08.11.16
Crowell & Moring's Data Law Insights

View All Insights

Practices

Industries

Maida's Insights

Client Alert | 8 min read | 10.14.24

Cybersecurity Matured: DoD Finalizes Cybersecurity Maturity Model Certification (CMMC) Program

On October 11, 2024, the Department of Defense (DoD) released a final rule (the “Final Program Rule”) formalizing the requirements, assessment processes, and related governance for its Cyber Maturity Model Certification Program (CMMC).[1] ...

Client Alert | 2 min read | 08.20.24
DFARS 7021 Clause 2.0: DoD Releases Proposed Rule Updating CMMC Clause
Client Alert | 6 min read | 07.30.24
FedRAMP Revamp: OMB Publishes Memorandum Contemplating Sweeping Changes to Federal Government Cloud Procurement Security Standards and Strategy
Publication | 05.14.24
Critical Infrastructure: Updating the 2013 NIPP and other Risk Mitigation Actions

View All Insights

Maida Oringher Lerner

Overview

Overview

Career & Education

Education

Admissions

Maida's Insights

Representative Matters

Maida's Insights

Insights

Publications

Client Alerts

Speaking Engagements

Press Coverage

Firm News

Blog Posts

Practices

Industries

Maida's Insights