The Department of Defense’s (DoD) is taking a supply-chain risk-management approach to improving cybersecurity. They are implementing the Cybersecurity Maturity Model Certification (CMMC), which will require DoD contractors and researchers to obtain third-party certification. This new CMMC mandate includes university-based research labs and facilities—as well as FFDRCs (Federally Funded Research and Development Centers) and UARCs (University Affiliated Research Centers)—and thus CMMC compliance needs to be a part of a higher education institution’s information security strategy.