Show extracted text
OFFICE OF THE UNDER SECRETARY OF DEFENSE
3000 DEFENSE PENTAGON
WASHINGTON, DC 20301-3000
ACQUISITION
AND SUSTAINMENT
In reply refer to
DARS Tracking Number: 2025-O0006
MEMORANDUM FOR COMMANDER, UNITED STATES CYBER
COMMAND (ATTN: ACQUISITION EXECUTIVE)
COMMANDER, UNITED STATES SPECIAL OPERATIONS
COMMAND (ATTN: AQUISITION EXECUTIVE)
COMMANDER, UNITED STATES TRANSPORTATION
COMMAND (ATTN: ACQUISITION EXECUTIVE)
DEPUTY ASSISTANT SECRETARY OF THE ARMY
(PROCUREMENT)
DEPUTY ASSISTANT SECRETARY OF THE NAVY
(PROCUREMENT)
DEPUTY ASSISTANT SECRETARY OF THE AIR FORCE
(CONTRACTING)
DEFENSE AGENCY AND DOD FIELD ACTIVITY DIRECTORS
SUBJECT: Class Deviation—Use of the Clause on Contractor Compliance With the
Cybersecurity Maturity Model Certification Level Requirement
Effective immediately, contracting officers shall not use the contract clause at Defense
Federal Acquisition Regulation Supplement (DFARS) 252.204-7021, Contractor Compliance
With the Cybersecurity Maturity Model Certification Level Requirement, in new solicitations
and contracts.
This class deviation remains in effect until the effective date of the final rule for DFARS
Case 2019-D041, Assessing Contractor Implementation of Cybersecurity Requirements, or until
otherwise rescinded. Inquiries regarding this class deviation can be addressed to
osd.pentagon.ousd-a-s.mbx.dpc-cp@mail.mil.
Original signature 08/25/2025 New signature after Section 508 remediation
John M. Tenaglia
Principal Director,
Defense Pricing, Contracting, and
Acquisition Policy