Regulations last checked for updates: Feb 11, 2026

Title 48 - Federal Acquisition Regulations System last revised: Jan 28, 2026
All TitlesTitle 48Chapter 2Part 204Subpart 204.75 - Subpart 204.75—Cybersecurity Maturity Model Certification
View all text of Subpart 204.75 [204.7500 - 204.7504]
204.7500 - 204.7500 Scope of subpart.

(a) This subpart prescribes policies and procedures for including the Cybersecurity Maturity Model Certification (CMMC) level requirements in DoD contracts. CMMC is a framework (see 32 CFR part 170) for assessing a contractor's information security protections.

(b) This subpart does not abrogate any other requirements regarding contractor physical, personnel, information, technical, or general administrative security operations governing the protection of unclassified information, nor does it affect requirements of the National Industrial Security Program.

(c) This subpart applies to unclassified contractor information systems.

authority: 41 U.S.C. 1303 and 48 CFR chapter 1
source: 56 FR 36289, July 31, 1991, unless otherwise noted.
cite as: 48 CFR 204.7500
© 2014 CustomsMobile | Disclaimer | Privacy | About