Compliance with the Cybersecurity Maturity Model Certification (CMMC) program requires DoD contractors to implement security controls, submit compliance performance scores and perform regular cyber hygiene activities. Based on NIST 800-171 controls, CMMC will be a single standard for all DoD contracts. Previous regulations for DoD contractors handling controlled unclassified information (CUI) allowed for self-certification of compliance with appropriate NIST 800-171 controls. At. minimum, CMMC will now require executive sign-off and for some, third-party audits and certification to ensure that DoD contractors have appropriate levels of security in place.