The government requires federal contractors to protect controlled unclassified information (CUI) in accordance with requirements defined in NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The Cybersecurity Maturity Model Certification (CMMC) program is designed to ensure contractors fully meet their requirements under NIST SP 800-171 by having third-party assessments certify compliance.