Skip to content
LexBuild

48 CFR § 204.7500 - 204.7500 Scope of subpart. 

---
identifier: "/us/cfr/t48/s204.7500"
source: "ecfr"
legal_status: "authoritative_unofficial"
title: "48 CFR § 204.7500 - 204.7500   Scope of subpart."
title_number: 48
title_name: "Federal Acquisition Regulations System"
section_number: "204.7500"
section_name: "204.7500   Scope of subpart."
chapter_number: 2
chapter_name: "DEFENSE ACQUISITION REGULATIONS SYSTEM, DEPARTMENT OF DEFENSE"
subchapter_number: "A"
subchapter_name: "GENERAL"
part_number: "204"
part_name: "ADMINISTRATIVE AND INFORMATION MATTERS"
positive_law: false
currency: "2026-03-24"
last_updated: "2026-03-24"
format_version: "1.1.0"
generator: "[email protected]"
authority: "41 U.S.C. 1303 and 48 CFR chapter 1."
regulatory_source: "56 FR 36289, July 31, 1991, unless otherwise noted."
cfr_part: "204"
---

# 204.7500 204.7500   Scope of subpart.

(a) This subpart prescribes policies and procedures for including the Cybersecurity Maturity Model Certification (CMMC) level requirements in DoD contracts. CMMC is a framework (see 32 CFR part 170) for assessing a contractor's information security protections.

(b) This subpart does not abrogate any other requirements regarding contractor physical, personnel, information, technical, or general administrative security operations governing the protection of unclassified information, nor does it affect requirements of the National Industrial Security Program.

(c) This subpart applies to unclassified contractor information systems.