CMMC Level 1 Self-Assessment Guide

Written By Brian Hubbard

The CMMC Level 1 Self-Assessment Guide provides instructions for DoD contractors to evaluate their compliance with 15 basic safeguarding practices required under FAR 52.204-21 to protect Federal Contract Information (FCI).

The guide covers how to:

  • Identify assets in scope—those that process, store, or transmit FCI.

  • Assess each practice using simplified techniques adapted from NIST SP 800-171A.

  • Document results as MET, NOT MET, or NOT APPLICABLE.

  • Submit an annual affirmation—a senior company official must affirm the results and post them to the Supplier Performance Risk System (SPRS).

There is no formal certification for Level 1. Compliance is demonstrated through this self-assessment and annual affirmation process.

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AssessmentGuideL1v2.pdf

Brian Hubbard
Previous

CMMC Scoping Guide for Level 1
Next

CMMC Level 2 Scoping Guidance