The Cybersecurity Maturity Model Certification puts research universities in a position where they must validate the effectiveness of their security controls before applying for a grant or bidding on a government contract.