Class Deviation 2025-O0006 - Use of the Clause on Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement
Summary
Contracting Officers must stop using Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7021 in new solicitations and contracts immediately. The clause covers Cybersecurity Maturity Model Certification (Cybersecurity Maturity Model Certification) level requirements. This deviation stays in effect until the final rule for DFARS Case 2019-D041 is published or until rescinded.
Required Contracting Officer Actions
- Do not include DFARS 252.204-7021 in any new solicitations or contracts effective immediately.
- Monitor for the final rule under DFARS Case 2019-D041, which will end this deviation.
Affected Provisions and Clauses
252.204-7021, Contractor Compliance With the Cybersecurity Maturity Model Certification Level Requirement (Clause)
- Prescribed in: 204.7504(a)
- Change type: REMOVED
- Action: Remove from use in all new solicitations and contracts.
Notes
Inquiries: Direct questions about this deviation to osd.pentagon.ousd-a-s.mbx.dpc-cp@mail.mil.
Duration: This deviation expires upon publication of the final rule for DFARS Case 2019-D041 or upon earlier rescission.
Suggested Questions
You can ask your AI assistant:
- What actions do I need to take for this deviation?
- Does this deviation affect commercial acquisitions under Part 12?
- Which clauses need to be removed from my existing contracts?
- How does this deviation change 252.204-7021 specifically?
- Are there any SAM registration implications?