Podcast Summary: Sum IT Up: CMMC News Roundup

Episode: CMMC: Final Rule vs Class Deviation
Date: September 11, 2025
Host: Summit 7
Main Speakers: A (Summit 7 Host), B (Co-Host Jason)

Overview

This episode of Sum IT Up: CMMC News Roundup breaks down the recent and highly anticipated release of the Department of Defense (DoD)'s final rule for the Cybersecurity Maturity Model Certification (CMMC) program. The hosts address widespread confusion within the defense contracting community regarding the impact of a recently issued class deviation and clarify how it relates to the final rule, specifically focusing on what happens on November 10, 2025. They walk through how to interpret these regulatory developments and address common misconceptions propagated in the industry.

Key Discussion Points & Insights

1. The Big News: The CMMC Final Rule Release

[00:02–02:51]

The long-awaited final rule to fully implement CMMC has been released (September 10, 2025).
The rule officially takes effect on November 10, 2025, launching the first phase of CMMC’s rollout.
From this date, all new DoD solicitations and contracts will contain some level of CMMC requirement based on the nature of the handled data.
This marks a shift from a pre-CMMC era, making compliance the rule rather than the exception.
A free Summit 7 webinar will break down the rule's details for contractors and interested parties.

Notable Quote:

"After that point, November 10th, all new DoD solicitations and contracts will have some level of CMMC requirement in them depending on the nature of the data that you are handling under your contract. From that day forward, any work that doesn't involve CMMC will be the exception rather than the rule. Everything changes."
— A, [01:15]

2. The Confusion: Class Deviation vs. Final Rule

[02:51–05:44]

Despite the final rule's announcement, rumors are circulating about CMMC being “suspended indefinitely” due to a class deviation memo, notably because it uses the word “indefinitely.”
The hosts clarify the meaning of "indefinitely" in DoD regulatory language. It simply means a date is not set—it does not signal permanence.

Notable Quote:

"Because some people, I think, are automatically programmed to think indefinite means this endless time lapse continuum, definitely is permanently. But realistically what the word means is that there's something brewing. We just don't know when it's going to finish brewing."
— B, [05:36]

3. What is a Class Deviation?

[06:16–09:36]

Definition: A class deviation is a temporary, authorized exception to government acquisition regulations (FAR, DFARS, etc.) affecting multiple contracts, used to address urgent needs or policy gaps until a permanent rule can be established.
The most recent class deviation (Class Deviation 2025-O0006) directs contracting officers not to use DFARS clause 252.204-7021 (the original CMMC contract clause) until the final rule’s effective date (November 10, 2025).
This does not suspend CMMC or affect the rollout—rather, it bridges the gap caused by misaligned or outdated regulatory text.

Notable Quote:

"This class deviation does not suspend CMMC. It does not affect the November 10th effective date. It does not change the phased rollout. It does not override the final rule whatsoever at all. Period."
— A, [08:39]

4. Why Was This Class Deviation Necessary?

[09:36–15:00]

Due to rulemaking timelines, the official regulatory literature (DFARS 252.204-7021) had an old phased rollout plan ending October 1, 2025, causing confusion as the new rule takes effect after that date.
Historically, the clause was never actually authorized for general use—errors and oversights led to its inclusion in some contracts.
The deviation serves as a temporary instruction: do not use the old version of the clause until the new, final rule is in place.

Notable Quote:

"At no point in time has the clause 7021 been allowed to go in any solicitation and contract. If it has, it has been a mistake… So if it's never been authorized for use, why did we get a class deviation telling people not to use it?"
— A, [11:09]

5. Widespread Misunderstandings & How They Occurred

[15:00–18:48]

Some DoD components and industry players mistakenly announced October 1, 2025, as the “go-live” date for CMMC, pulling from outdated rule text.
The class deviation corrects these misunderstandings by explicitly stating the clause’s current status and expiration.
The episode underscores the importance of reading current and official regulatory guidance—not relying on web search or AI outputs that might reference outdated proposals.

Notable Quote:

"I've been very disappointed in some of the DoD components understanding of the relationship between old clause language and upcoming new clause language. But that's besides the point. The real day is November 10th of 2025."
— A, [13:35]

6. Key Takeaways and Guidance

[18:48–19:49]

The only date that matters is November 10, 2025.
The class deviation is a temporary fix, expiring automatically with the final rule’s effective date.
Contractors should focus preparation efforts on November 10 and disregard “October 1st” rumors.
Future webinars and episodes will go deeper into the final rule's content and implementation steps.

Notable Quote:

"If anybody brings [the class deviation] up, you can just have them watch this episode or just direct them to the last paragraph of the two paragraphs that says it expires on the effective date. Effective date is November 10th. It won't be a thing anymore."
— A, [18:49]

Notable Quotes (by Timestamp & Speaker)

"Surreal is the word that I've been using and I've heard a lot of other people, a lot of other OGs in the space use is. It feels very surreal." — A, [02:51]
"Doesn't the rule being published and the effective date being put in place effectively void that class deviation?" — B, [09:36]
"DFARS clause 252-204-7021 has never been authorized for inclusion in any solicitation and contract. ...If it's never been authorized for use, why did we get a class deviation telling people not to use it?" — A, [11:09]

Important Timestamps

00:02–02:18: CMMC final rule announced; key dates
04:00–05:36: Misinterpretation of “indefinitely”
06:16–09:36: Explanation of class deviations and their purpose
11:09–13:35: History and mistakes with clause 7021
15:00–16:41: Why October 1, 2025, is NOT the “go-live” date
18:48–19:49: Final takeaways and summary guidance

Conclusion

This episode decisively debunks confusion about the CMMC program's rollout, especially regarding class deviations versus the final rule. The industry’s focus should now shift exclusively to the final rule’s effective date—November 10, 2025—with prior confusion about class deviations and October 1 quickly fading into irrelevance. The episode advises listeners to prepare accordingly and directs them to upcoming webinars for more detailed CMMC guidance.

Podcast Summary: Sum IT Up: CMMC News Roundup

Episode: CMMC: Final Rule vs Class Deviation
Date: September 11, 2025
Host: Summit 7
Main Speakers: A (Summit 7 Host), B (Co-Host Jason)

Overview

Key Discussion Points & Insights

1. The Big News: The CMMC Final Rule Release

[00:02–02:51]

The long-awaited final rule to fully implement CMMC has been released (September 10, 2025).
The rule officially takes effect on November 10, 2025, launching the first phase of CMMC’s rollout.
From this date, all new DoD solicitations and contracts will contain some level of CMMC requirement based on the nature of the handled data.
This marks a shift from a pre-CMMC era, making compliance the rule rather than the exception.
A free Summit 7 webinar will break down the rule's details for contractors and interested parties.

Notable Quote:

"After that point, November 10th, all new DoD solicitations and contracts will have some level of CMMC requirement in them depending on the nature of the data that you are handling under your contract. From that day forward, any work that doesn't involve CMMC will be the exception rather than the rule. Everything changes."
— A, [01:15]

2. The Confusion: Class Deviation vs. Final Rule

[02:51–05:44]

Despite the final rule's announcement, rumors are circulating about CMMC being “suspended indefinitely” due to a class deviation memo, notably because it uses the word “indefinitely.”
The hosts clarify the meaning of "indefinitely" in DoD regulatory language. It simply means a date is not set—it does not signal permanence.

Notable Quote:

"Because some people, I think, are automatically programmed to think indefinite means this endless time lapse continuum, definitely is permanently. But realistically what the word means is that there's something brewing. We just don't know when it's going to finish brewing."
— B, [05:36]

3. What is a Class Deviation?

[06:16–09:36]

Definition: A class deviation is a temporary, authorized exception to government acquisition regulations (FAR, DFARS, etc.) affecting multiple contracts, used to address urgent needs or policy gaps until a permanent rule can be established.
The most recent class deviation (Class Deviation 2025-O0006) directs contracting officers not to use DFARS clause 252.204-7021 (the original CMMC contract clause) until the final rule’s effective date (November 10, 2025).
This does not suspend CMMC or affect the rollout—rather, it bridges the gap caused by misaligned or outdated regulatory text.

Notable Quote:

"This class deviation does not suspend CMMC. It does not affect the November 10th effective date. It does not change the phased rollout. It does not override the final rule whatsoever at all. Period."
— A, [08:39]

4. Why Was This Class Deviation Necessary?

[09:36–15:00]

Due to rulemaking timelines, the official regulatory literature (DFARS 252.204-7021) had an old phased rollout plan ending October 1, 2025, causing confusion as the new rule takes effect after that date.
Historically, the clause was never actually authorized for general use—errors and oversights led to its inclusion in some contracts.
The deviation serves as a temporary instruction: do not use the old version of the clause until the new, final rule is in place.

Notable Quote:

"At no point in time has the clause 7021 been allowed to go in any solicitation and contract. If it has, it has been a mistake… So if it's never been authorized for use, why did we get a class deviation telling people not to use it?"
— A, [11:09]

5. Widespread Misunderstandings & How They Occurred

[15:00–18:48]

Some DoD components and industry players mistakenly announced October 1, 2025, as the “go-live” date for CMMC, pulling from outdated rule text.
The class deviation corrects these misunderstandings by explicitly stating the clause’s current status and expiration.
The episode underscores the importance of reading current and official regulatory guidance—not relying on web search or AI outputs that might reference outdated proposals.

Notable Quote:

"I've been very disappointed in some of the DoD components understanding of the relationship between old clause language and upcoming new clause language. But that's besides the point. The real day is November 10th of 2025."
— A, [13:35]

6. Key Takeaways and Guidance

[18:48–19:49]

The only date that matters is November 10, 2025.
The class deviation is a temporary fix, expiring automatically with the final rule’s effective date.
Contractors should focus preparation efforts on November 10 and disregard “October 1st” rumors.
Future webinars and episodes will go deeper into the final rule's content and implementation steps.

Notable Quote:

"If anybody brings [the class deviation] up, you can just have them watch this episode or just direct them to the last paragraph of the two paragraphs that says it expires on the effective date. Effective date is November 10th. It won't be a thing anymore."
— A, [18:49]

Notable Quotes (by Timestamp & Speaker)

"Surreal is the word that I've been using and I've heard a lot of other people, a lot of other OGs in the space use is. It feels very surreal." — A, [02:51]
"Doesn't the rule being published and the effective date being put in place effectively void that class deviation?" — B, [09:36]
"DFARS clause 252-204-7021 has never been authorized for inclusion in any solicitation and contract. ...If it's never been authorized for use, why did we get a class deviation telling people not to use it?" — A, [11:09]

Important Timestamps

00:02–02:18: CMMC final rule announced; key dates
04:00–05:36: Misinterpretation of “indefinitely”
06:16–09:36: Explanation of class deviations and their purpose
11:09–13:35: History and mistakes with clause 7021
15:00–16:41: Why October 1, 2025, is NOT the “go-live” date
18:48–19:49: Final takeaways and summary guidance

wavePod

CMMC: Final Rule vs Class Deviation

Powered by Wave AI

Summary

Podcast Summary: Sum IT Up: CMMC News Roundup

Overview

Key Discussion Points & Insights

1. The Big News: The CMMC Final Rule Release

2. The Confusion: Class Deviation vs. Final Rule

3. What is a Class Deviation?

4. Why Was This Class Deviation Necessary?

5. Widespread Misunderstandings & How They Occurred

6. Key Takeaways and Guidance

Notable Quotes (by Timestamp & Speaker)

Important Timestamps

Conclusion

Summary

Podcast Summary: Sum IT Up: CMMC News Roundup

Overview

Key Discussion Points & Insights

1. The Big News: The CMMC Final Rule Release

2. The Confusion: Class Deviation vs. Final Rule

3. What is a Class Deviation?

4. Why Was This Class Deviation Necessary?

5. Widespread Misunderstandings & How They Occurred

6. Key Takeaways and Guidance

Notable Quotes (by Timestamp & Speaker)

Important Timestamps

Conclusion