What are the major requirements of the Cybersecurity Maturity Model Certification for DoD contractors and subcontractors?

In response to the repeated attacks on the U.S. Department of Defense (DoD) supply chain, the release of the Cybersecurity Maturity Model Certification (CMMC) introduces a verification mechanism that will ensure the necessary security mechanisms are in place to better protect Controlled Unclassified Information (CUI) and other sensitive data made available to contractor organizations. CMMC was developed from the contributions of multiple organizations and entities, including the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD[A&S]), leveraging inputs from the Defense Industrial Base (DIB) sector, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDCs), and private industry. CMMC will soon be incorporated into Defense Federal Acquisition Regulation Supplement (DFARS), making it a requirement for DIB contractors that wish to be eligible for contract awards. This report provides an overview of CMMC for DoD contractors and subcontractors new to this requirement.