2025-O0006

Use of the Clause on Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement

Issued / Effective

August 25, 2025 / December 9, 2025

Signed By

John M. Tenaglia, Principal Director, Defense Pricing, Contracting, and Acquisition Policy

Applicability

ALL DoD

Affected Clauses

Archived Deviation

This deviation was archived on 2026-01-17. The information below is preserved for reference.

Authority

DFARS Case 2019-D041, Assessing Contractor Implementation of Cybersecurity Requirements

Summary

Contracting Officers must stop using Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7021 in new solicitations and contracts immediately. The clause covers Cybersecurity Maturity Model Certification (Cybersecurity Maturity Model Certification) level requirements. This deviation stays in effect until the final rule for DFARS Case 2019-D041 is published or until rescinded.

Contracting Officer Actions

Do not include DFARS 252.204-7021 in any new solicitations or contracts effective immediately.

Monitor for the final rule under DFARS Case 2019-D041, which will end this deviation.

Duration

This deviation expires upon publication of the final rule for DFARS Case 2019-D041 or upon earlier rescission.

Inquiries

Direct questions about this deviation to osd.pentagon.ousd-a-s.mbx.dpc-cp@mail.mil.

Affected Provisions and Clauses

252.204-7021

Contractor Compliance With the Cybersecurity Maturity Model Certification Level Requirement CLAUSE

Remove from use in all new solicitations and contracts.

REMOVED

Details

Effective Date

December 9, 2025

Status

ARCHIVED

Signed By

John M. Tenaglia

Title

Principal Director, Defense Pricing, Contracting, and Acquisition Policy

Archived Date

2026-01-17

Use with AI assistant

Copy a link and prompt for use with Gemini or another AI assistant.

2025-O0006

Summary

Contracting Officer Actions

Affected Provisions and Clauses

Source Documents

Details