CMMC

A US Department of Defense framework requiring defense contractors to meet specific cybersecurity standards to handle Controlled Unclassified Information (CUI). CMMC 2.0 has three levels, with Level 2 aligning to NIST SP 800-171. If you sell to DoD or are in a defense supply chain, CMMC certification is becoming a contract requirement — not optional.