Code of Federal Regulations (Last Updated: July 5, 2024) |
Title 48 - Federal Acquisition Regulations System |
Chapter 2 - Defense Acquisition Regulations System, Department of Defense |
SubChapter A - General |
Part 204 - Administrative and Information Matters |
Subpart 204.75 - Cybersecurity Maturity Model Certification |
§ 204.7502 - Procedures.
Latest version.
-
204.7502 Procedures.
(a) When a requiring activity identifies a requirement for a contract, task order, or delivery order to include a specific CMMC level, the contracting officer shall not -
(1) Award to an offeror that does not have a CMMC certificate at the level required by the solicitation; or
(2) Exercise an option or extend any period of performance on a contract, task order, or delivery order unless the contractor has a CMMC certificate at the level required by the contract.
(b) Contracting officers shall use Supplier Performance Risk System (SPRS) (https://www.sprs.csd.disa.mil/) to verify an offeror or contractor's CMMC level.