Growing concerns around supply chain threats have led to the DoD’s increased regulatory focus on strengthening and securing the federal supply chain with the Cybersecurity Maturity Model Certification (CMMC) framework. Current and prospective contractors should be preparing now for compliance with the framework, which requires a third-party cybersecurity audit and certification by 2025 (earlier for some) as a prerequisite to doing business with the DoD. In this second installment of a two-part article series, we cover the interim rule already in effect, how to prepare for compliance with the framework and what to expect from the third-party assessment. In part one, we discussed the overall goals, requirements and challenges of the CMMC. See “Senior Commerce Official Discusses Supply Chain Security and Cyber Policy” (Oct. 21, 2020).