The prime contractor (contractor organization) is responsible for ensuring that its subcontractors have the required CMMC certification level before engaging them in DoD contracts that involve FCI or CUI.
This requirement is enforced through flow-down clauses in DFARS 252.204-7021, which mandates that subcontractors handling CUI meet the necessary CMMC Level 2 or Level 3 requirements.
Reference:
DFARS 252.204-7021 (CMMC Compliance)
CMMC 2.0 Program Documentation

Step 2: Why Other Answer Choices Are Incorrect

A. CMMC-AB (Incorrect): The Cyber AB (formerly CMMC-AB) is responsible for accrediting C3PAOs and managing the assessment process, but it does not enforce subcontractor compliance.

B. OUSDA&S (Incorrect): The Office of the Under Secretary of Defense for Acquisition & Sustainment (OUSD A&S) develops and oversees CMMC policy, but it does not monitor or enforce individual subcontractor compliance.

C. DoD agency or client (Incorrect): While the DoD sets CMMC requirements, it relies on prime contractors to ensure compliance among their subcontractors through contract flow-down requirements.

Final Confirmation of Correct Answer: Prime contractors must ensure their subcontractors have the required CMMC certification level to handle FCI or CUI.

Thus, the correct answer is: D. Contractor organization