Prepare for CMMC certification with our self-assessment tool covering the 17 foundational practices required to protect Federal Contract Information (FCI).
The Cybersecurity Maturity Model Certification (CMMC) Level 1 represents the foundational tier of cybersecurity practices required for organizations handling Federal Contract Information (FCI) in Department of Defense contracts.
A focused set of basic cyber hygiene practices that form the foundation of cybersecurity for DoD contractors.
Level 1 requires annual self-assessment — no third-party certification needed. Results must be entered into SPRS.
Designed to protect Federal Contract Information — information not intended for public release provided by or generated for the government.
CMMC Level 1 practices are organized into 6 security domains, each addressing a specific area of cybersecurity protection.
Limit system access to authorized users, processes, and devices. Control what information users can access and what they can do with it.
Verify the identity of users, processes, and devices before granting access to organizational systems.
Protect information system media containing FCI, both paper and digital, and limit access to authorized personnel.
Limit physical access to systems, equipment, and operating environments to authorized individuals.
Monitor, control, and protect communications at external and key internal boundaries of information systems.
Identify, report, and correct system flaws in a timely manner. Provide protection from malicious code.
Any organization that handles Federal Contract Information (FCI) as part of a DoD contract.
Companies in the defense supply chain that receive FCI from prime contractors.
Organizations preparing to bid on DoD contracts that will require CMMC certification.
Organizations using Level 1 as a stepping stone toward CMMC Level 2 certification.
Our assessment tool guides you through all 17 practices with clear explanations and helps you document your compliance status for SPRS submission.
Navigate through the 6 security domains, reviewing practices in each area.
For each practice, assess your current implementation: Met, Partially Met, or Not Met.
Add notes describing how you implement each practice and any supporting evidence.
Download your assessment report for internal review and SPRS documentation.
A complete Level 1 assessment typically takes 30-60 minutes for organizations with basic documentation already in place.
Generate comprehensive reports to document your CMMC Level 1 compliance status and support your SPRS submission requirements.
Complete assessment results showing compliance status for each practice, organized by domain with summary statistics.
Supporting documentation formatted to help with your Supplier Performance Risk System (SPRS) score submission.
A password-protected JSON file containing all your assessment data. Use it to restore your assessment or transfer between devices.
The right CMMC level depends on the type of information you handle in your DoD contracts.
Try our CMMC Level 1 assessment tool with a free trial. Document your compliance status and prepare for your SPRS submission.
