Cybersecurity Maturity Model Certification
The US Department of Defense program that requires defense contractors to prove they meet cybersecurity requirements before winning contracts. It builds on NIST SP 800-171 controls for protecting controlled unclassified information, with tiered levels and third-party assessments. It matters because it turns cybersecurity from a self-attested checkbox into a verified condition of doing business with the DoD.