CMMCDocs.comHome / Glossary / CMMC Level 1
CMMC Level 1
Also known as: Level 1 · L1 · CMMC L1 · Foundational
The Foundational level of CMMC, covering 17 basic safeguarding practices for contractors handling Federal Contract Information (FCI). Allows annual self-assessment.
CMMC Level 1 is the Foundational tier of the CMMC 2.0 program. It applies to defense contractors and subcontractors that process, store, or transmit Federal Contract Information (FCI) but do not handle Controlled Unclassified Information (CUI).
Level 1 requires implementation of 17 basic safeguarding practices drawn from FAR 52.204-21. These cover the fundamentals: limit system access, identify users, verify authorizations, control physical access, monitor communications, and so on.
Unlike Level 2 and Level 3, Level 1 permits annual self-assessment with senior official affirmation in SPRS. There is no third-party assessment requirement, though the company official affirming the score is personally accountable for its accuracy.
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account