Well before the SolarWinds event, which highlighted the exposure of commercial enterprises and government agencies to supply chain threat, the federal government had increased its regulatory focus on strengthening and securing the federal supply chain with the Cybersecurity Maturity Model Certification (CMMC) framework. The framework requires a third-party cybersecurity audit and certification by 2025 as a prerequisite to doing business with the DoD. The time to start that process is now. In this first article of a two-part series, we discuss the goals, requirements and challenges of the CMMC. Part two will cover how to prepare for compliance and what to expect from the third-party assessment. See “Senior Commerce Official Discusses Supply Chain Security and Cyber Policy” (Oct. 21, 2020).