The corresponding FAR Part 4 and DFARS Part 204 have been overhauled under the RFO.
PGI replacement text is provided in the RFO deviation attachment.
View FAR Part 4
Current Content
(a) This subpart prescribes policies and procedures for including the Cybersecurity Maturity Model Certification (CMMC) level requirements in DoD contracts. CMMC is a framework (see 32 CFR part 170) for assessing a contractor’s information security protections.
(b) This subpart does not abrogate any other requirements regarding contractor physical, personnel, information, technical, or general administrative security operations governing the protection of unclassified information, nor does it affect requirements of the National Industrial Security Program.
(c) This subpart applies to unclassified contractor information systems.