Established by the United States Department of Defense (DOD), the Cybersecurity Maturity Model Certification (CMMC) is a framework designed to fortify the cyber defenses of government contractors. The program aims to safeguard confidential information within the DOD supply chain by requiring comprehensive third-party assessments of the security practices of both contractors and subcontractors alike. In essence, CMMC outlines the specific IT security standards businesses must satisfy in order to secure lucrative government contracts. CMMC was introduced in response to a string of security breaches targeting sensitive federal data. The high-profile nature of those exploits led the DOD to reexamine the security capabilities of its ecosystem. The agency determined that the insufficiency of current standards, combined with the lack of accountability from resource-strapped subcontractors rendered the supply chain extremely vulnerable to cyber threats.