The U.S. Department of Defense (DoD) takes a supply-chain risk-management approach to improving cybersecurity by requiring all third-party partners to obtain the Cybersecurity Maturity Model Certification (CMMC). The CMMC is designed to ensure the protection of sensitive national security information such as Controlled Unclassified Information (CUI) and Federal Contract information (FCI).