Per DFARS 252.204-7012, Contractors were to implement NIST SP 800-171 by 12/31/2017 “Safeguarding Cover Defense Information and Incident Reporting”. However, Contractors self-certification has not gone as well as the Department of Defense (DoD) had hoped. They have even included it as part of 2019 Contractor Purchasing System Reviews (CPSR) for the Defense Contract Management Agency (DCMA) to evaluate Contractors monitoring of subcontractor’s self-certification. In the meantime, DoD has shifted gears and is developing the Cybersecurity Maturity Model Certification (CMMC) to help strengthen the DoD supply chain's cybersecurity at all levels of the supply chain, from the prime Contractor on down to the lowest subcontractor.