Included in the finalized CMMC 2.0 rule are required third-party or Defense Industrial Base Cybersecurity Assessment Center compliance evaluations of contractors dealing with sensitive data although contractors with less sensitive information would be permitted to undergo self-assessments.
Article Link: Final CMMC rule issued by Defense Department | SC Media