[Reference:, DFARS 252.204-7021 (CMMC Requirements), CMMC 2.0 Program Documentation, Step 2: Why Other Answer Choices Are Incorrect, B. NARA (Incorrect):, TheNational Archives and Records Administration (NARA)overseesCUI program policiesbut does not assign CMMC levels., C. NIST (Incorrect):, TheNational Institute of Standards and Technology (NIST)develops cybersecurity frameworks (e.g.,NIST SP 800-171), but it does not specify CMMC Levels in contracts., D. Department of Homeland Security (Incorrect):, TheDepartment of Homeland Security (DHS)is responsible for cybersecurity at the national level, butCMMC applies specifically to DoD contractors., Final Confirmation of Correct Answer:, The DoD determines and specifies the required CMMC Level in RFIs and RFPs., , ]