As of 2025, all defense contractors who are members of the defense industrial base will be expected to follow the Department of Defense's Cybersecurity Maturity Model Certification (CMMC) as a means of assessing their compliance with current governmental security requirements. And there's no question that third-party risk must be factored into this critical assessment. This session will look at the intersection between CMMC compliance and third-party/supply-chain security practices, and how even organizations outside the DIB can learn and improve their supply chain security practices from this Herculean effort.