Client Alerts & Newsletters

Cybersecurity Maturity Model Matures: DoD Adds New Requirements to Draft Cybersecurity Certification

September 10, 2019

The Defense Department has released Revision 0.4 of its Cybersecurity Maturity Model Certification (CMMC) that, starting next year, independent auditors are to use to certify contractor compliance with DoD cybersecurity requirements.  Revision 0.4 more than doubles the number of cybersecurity controls across the CMMC’s five maturity “Levels.”  But the DoD emphasizes that it will further down-select these controls and that mature contractor processes may counteract gaps in the final controls’ implementation.  In addition to NIST SP 800-171 (the default standard under DFARS 252.204-7012), Revision 0.4 now incorporates requirements from the NIST Cybersecurity Framework, ISO 27001, and CIS Critical Security Controls, as well as from “additional DIB inputs.”  Notably missing is NIST SP 800-171B, which remains under review.

The DoD is requesting feedback on Revision 0.4 through September 25, 2019, and plans on releasing Revision 0.6 for comment in November 2019.   The final CMMC is expected in January 2020. 

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

Kate M. Growley, CIPP/G, CIPP/US
Partner – Washington, D.C.
Phone: +1.202.624.2698

Evan D. Wolff
Partner – Washington, D.C.
Phone: +1.202.624.2615

Maida Oringher Lerner
Senior Counsel – Washington, D.C.
Phone: +1.202.624.2596

Michael G. Gruden, CIPP/G
Associate – Washington, D.C.
Phone: +1.202.624.2545

Crowell & Moring LLP is an international law firm with offices in the United States, Europe, MENA, and Asia that represents clients in litigation and arbitration, regulatory and policy, and transactional and corporate matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation and government-facing matters, as well as its ongoing commitment to pro bono service and diversity, equity, and inclusion.

View Desktop Site | Mobile Sitemap |

Contact | Subscribe | Terms of Use | Privacy Statement | Alumni

© Crowell & Moring LLP 2022
Attorney advertising - prior results do not guarantee a similar outcome.