The announcement of CMMC in Spring 2019 created confusion for contractors and suppliers regarding cybersecurity and compliance requirements. With the release of CMMC V1 and its implementation plan, it’s now clear that NIST 800-171 isn't going away anytime soon. Contractors remain responsible for the determining the security of their subcontractors through their subcontractors’ self-attestation to 800-171. To enforce compliance, DCMA is stepping up audits of both contractors and suppliers and has already charged those that have misrepresented compliance under the False Claims Act.