Cybersecurity Maturity Model Certification (CMMC) program requirements will be implemented through the acquisition and contracting process. With limited exceptions, the Department intends to require compliance with CMMC as a condition of contract award.