Not long ago, we discussed the basics of the Cybersecurity Maturity Model Certification (CMMC) Program at DFARS subpart 204.75. Of course, with such a large new system as the CMMC Program, there is more to it than what we reviewed there. In this second set of posts, we will dive deeper into the requirements and procedures of the CMMC Program implemented by DoD back in September 2025, among other items. We will explore what the general rules on what systems are covered by the CMMC Program, when the contractor must be in compliance with the CMMC Program, and what levels will apply for contracts.