The DoD released the updated CMMC version 1.02 on March 18, 2020. The CMMC has replaced the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 assessment model, which was previously in place for DoD contractors.
This new certification requires third-party evaluation to determine whether a contractor is secure enough to work with the DoD, whereas previously this was up to the contractor. In the past, contractors were responsible for certifying the security of their own information technology systems; however, the DoD deemed this unacceptable.
To stop vulnerabilities and protect the FCI/CUI that contractors may be handling in their work, the DoD has chosen to involve a third party in the certification of contractors.
To make things clear, the DoD has introduced a unified cybersecurity standard for DoD acquisitions that boosts the cybersecurity posture of the Defense Industrial Base (DIB). The certification focuses on various cybersecurity standards and best practices that range from basic cyber hygiene (Level 1) to the more advanced cybersecurity controls (Levels 4 and 5).