CMMCDocs.comHome / Glossary / FAR 52.204-21
FAR 52.204-21
Also known as: FAR Basic Safeguarding
The Federal Acquisition Regulation clause that establishes 17 basic safeguarding practices for federal contractors handling Federal Contract Information (FCI). Underlies CMMC Level 1.
FAR 52.204-21, 'Basic Safeguarding of Covered Contractor Information Systems,' is the Federal Acquisition Regulation clause that establishes 17 basic cybersecurity practices that every federal contractor handling Federal Contract Information must implement.
The 17 practices cover the fundamentals: limit system access to authorized users, limit access to authorized functions, verify users, control physical access, monitor communications, implement subnetworks, identify users, authenticate users, and so on.
FAR 52.204-21 is the legal basis for CMMC Level 1. Any contractor handling FCI must comply with FAR 52.204-21 and (if assessed under CMMC) hold Level 1 certification.
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account