To ensure that DIB contractors establish and maintain effective cybersecurity practices for CUI, the DoD published the Cybersecurity Maturity Model Certification (CMMC) program in 2020. CMMC is a framework that allows the DoD to measure the maturity of an organization’s cybersecurity practices. Rather than build redundant standards, the DoD modeled CMMC on several existing cybersecurity standards, including NIST 800-53, NIST 800-171, The Defense Federal Acquisition Regulation Supplement (DFARS), and International Traffic in Arms Regulations (ITAR).