CMMC 2.0 — Level 1

CMMC Level 1

Level 1 covers the 17 basic cyber hygiene practices required of any DoD contractor handling Federal Contract Information (FCI). It is the minimum bar to remain eligible for DoD contracts, and it requires an annual self-assessment submitted to SPRS.

Most popular
Level 1 Readiness
Gap assessment against all 17 Level 1 practices
Remediation guidance for each gap
System Security Plan (SSP) template and review
SPRS self-assessment score calculation
SPRS submission support
Annual affirmation preparation
Dedicated compliance manager

What's included

Everything in the package

17 practices, clearly mapped
We assess your current state against every Level 1 practice and give you a plain-language remediation checklist for anything that is not met.
SPRS score and submission
We calculate your accurate SPRS score and help you submit it to the Supplier Performance Risk System — required before you can receive new DoD awards.
Annual affirmation support
Level 1 requires an annual affirmation by a senior official. We prepare all supporting documentation and guide the executive through the SPRS affirmation process.
Questions

Common questions

What is FCI and who handles it?

Federal Contract Information (FCI) is information provided by or generated for the government under a contract. If your work involves any government-furnished data, specifications, or deliverables, you likely handle FCI.

Do I need a third-party assessor for Level 1?

No. Level 1 is self-assessed. You do not need a C3PAO. However, your score must be submitted to SPRS and affirmed annually by a senior company official.

What happens if I do not comply?

DoD contracts increasingly require CMMC compliance as a condition of award. Without a valid SPRS score and affirmation, you may be disqualified from new DoD contract awards.

Ready to get started?

Book a free 15-minute call and we'll walk you through exactly what's involved.