Code of Federal Regulations (Last Updated: July 5, 2024) |
Title 48 - Federal Acquisition Regulations System |
Chapter 2 - Defense Acquisition Regulations System, Department of Defense |
SubChapter A - General |
Part 204 - Administrative and Information Matters |
Subpart 204.75 - Cybersecurity Maturity Model Certification |
§ 204.7500 - Scope of subpart.
Latest version.
-
204.7500 Scope of subpart.
(a) This subpart prescribes policies and procedures for including the Cybersecurity Maturity Model Certification (CMMC) level requirements in DoD contracts. CMMC is a framework that measures a contractor's cybersecurity maturity to include the implementation of cybersecurity practices and institutionalization of processes (see https://www.acq.osd.mil/cmmc/index.html).
(b) This subpart does not abrogate any other requirements regarding contractor physical, personnel, information, technical, or general administrative security operations governing the protection of unclassified information, nor does it affect requirements of the National Industrial Security Program.