# Class Deviation 2025-O0006
# Class Deviation 2025-O0006 – Use of the Clause on Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement

Status: Archived
Date Issued: 08/25/2025
Signed By: John M. Tenaglia, Principal Director, Defense Pricing, Contracting, and Acquisition Policy
Scope: All DoD contracting officers

## Summary

Contracting officers are directed to stop using DFARS clause 252.204-7021, Contractor Compliance With the Cybersecurity Maturity Model Certification Level Requirement, in new solicitations and contracts effective immediately. The deviation remains in effect until the final rule for DFARS Case 2019-D041 takes effect or until rescinded. Inquiries may be directed to osd.pentagon.ousd-a-s.mbx.dpc-cp@mail.mil.

## Required Contracting Officer Actions

1. Do not include DFARS 252.204-7021 in any new solicitations or contracts effective immediately.

## Affected Provisions and Clauses

### 252.204-7021, Contractor Compliance With the Cybersecurity Maturity Model Certification Level Requirement (Clause)
- Prescribed in: 204.7504(a)
- Change type: REMOVED
- Action: Remove from use in all new solicitations and contracts.

## Notes

Expiration: This deviation remains in effect until the final rule for DFARS Case 2019-D041, Assessing Contractor Implementation of Cybersecurity Requirements, is effective or until otherwise rescinded.

Inquiries: Questions regarding this deviation should be directed to osd.pentagon.ousd-a-s.mbx.dpc-cp@mail.mil.

## Suggested Questions

You can ask your AI assistant:
- What actions do I need to take for this deviation?
- Does this deviation affect commercial acquisitions under Part 12?
- Which clauses need to be removed from my existing contracts?
- How does this deviation change 252.204-7021 specifically?
- Are there any SAM registration implications?

---
Source: https://part52.dev
Generated: 2026-03-20
Memorandum: https://www.acq.osd.mil/dpap/policy/policyvault/USA001756-25-DPCAP.pdf