A community resource for the acquisition workforce not a .gov website
part52.dev Federal Acquisition Clause Monitor

PGI 204.7504: Solicitation provision and contract clause.

PGIPart 204 › PGI 204.7504

This PGI section supplements: DFARS 204.7504 · FAR 4.7504
The corresponding FAR Part 4 and DFARS Part 204 have been overhauled under the RFO. PGI replacement text is provided in the RFO deviation attachment. View FAR Part 4

Current Content

(a) Unless the requirements at 32 CFR 170.5(d) are met, use the clause at 252.204-7021, Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirements, as follows:

(1) Until November 9, 2028 in solicitations and contracts, task orders, or delivery orders, including those using FAR part 12 procedures for the acquisition of commercial products and commercial services, except for those solely for the acquisition of commercially available off-the-shelf (COTS) items, if the program office or requiring activity determines that the contractor is required to have a specific CMMC level.

(2) On or after November 10, 2028 in solicitations and contracts, task orders, or delivery orders, including those using FAR part 12 procedures for the acquisition of commercial products and commercial services, except for those solely for the acquisition of COTS items, if the program office or requiring activity determines that the contractor is required to use contractor information systems in the performance of the contract, task order, or delivery order to process, store, or transmit FCI or CUI.

(b) Use the provision at 252.204-7025, Notice of Cybersecurity Maturity Model Certification Level Requirements, in solicitations that include the clause at 252.204-7021.

Sources: Search on acquisition.gov · View on acq.osd.mil