Who in the network needs to follow CMMC compliance?

If you are trying to enable an environment to be CMMC compliant what benefit is it of only having 3 people in the organization able to handle CUI and have other safeguards on their systems?

Especially if you need to send CUI to another company that are not compliant? Do you only allow them access to the file rather then sending in an email?