More than 300,000 companies within the Defense Department’s supply chain will need to meet new Cybersecurity Maturity Model Certification (CMMC) requirements and pass a third-party assessment to ensure they are adequately protecting sensitive information on their networks. Now, Crowell & Moring has become the first AmLaw 100 firm to achieve Registered Provider Organization (RPO) status by the CMMC Accreditation Body (CMMC-AB) to help defense contractors comply with CMMC cybersecurity standards and prepare for their assessments.

The DoD will begin incorporating CMMC requirements into an increasing number of solicitations later this year, creating a unified standard for implementing cybersecurity across the defense industrial base. Previously, defense contractors were responsible for certifying the security of their own information technology systems. Now, the CMMC will require all defense contractors to obtain cybersecurity certifications based on third-party assessments, creating a new verification component to ensure that contractors meet their cybersecurity requirements and adequately protect sensitive information on their networks.

The CMMC is specific to DoD contractors but is expected to become increasingly relevant to all contractors as CMMC adoption likely expands throughout the government. Achieving certification may also provide a commercial advantage for contractors, as meeting CMMC requirements may become a differentiator for companies when they compete in the private sector.

The CMMC-AB has recognized Crowell & Moring as a law firm provider to help defense contractors comply with the CMMC cybersecurity standards and prepare for their assessments. As an RPO, Crowell & Moring is recognized by the CMMC-AB to help contractors understand what requirements they have to meet and to prepare their operations for their mandatory assessment.

The firm’s team includes lawyers, technologists, and CMMC registered practitioners who will help contractors comply with cybersecurity requirements in anticipation of their assessments, remediate challenges, and manage ongoing compliance.

Achieving RPO status is important for Crowell’s team of lawyers and technologists because of CMMC’s critical importance for DoD contractors. Crowell’s team knows how the assessment process will work, and is committed to providing practical and actionable advice so that our clients reach best-in-class cybersecurity, achieve CMMC certification, and win contracts for new business.

For more information, read the firm’s announcement or contact our CMMC registered practitioners, Evan D. Wolff, Kate M. Growley, and Michael Gruden.