Cybersecurity Maturity Model Certification 2.0 is the DoD's supplier assurance programme requiring defence contractors to achieve independently verified cybersecurity controls — with Level 2 mandating compliance with all 110 practices of NIST SP 800-171 before a company can bid on contracts involving Controlled Unclassified Information. Zero Trust architecture maps directly to CMMC Level 2 and Level 3 requirements, and primes are increasingly flowing CMMC compliance obligations down to their entire supply chains.
CMMC 2.0