After a very slow rollout, the Department of Defense (DoD) finally released details about their CMMC program that, as Federal regulation, may go into as early as 1 October 2024. This regulation *will* affect companies that directly contract with the DoD or are just in somebody's supply chain; Cloud Service Providers; Managed Service Providers (MSP); Managed Security Service Providers (MSSP); and anyone else that has access to the Government's intellectual property or helps to protect it. The program and market pressures will require 3rd party certification of the majority of these firms for the DoD contractor to be eligible for DoD work. If their MSP or MSSP isn't CMMC certified, they may not be certifiable also... Likewise, while the failure to get certified will result in loss of work, DoD is also working with DoJ to use CMMC as a springboard for False Claims Act charges against all organizations in the ecosystem.