CMMC Level 1

CMMC Level 1 is the foundational tier of the Cybersecurity Maturity Model Certification. It requires implementing 15 basic cybersecurity practices drawn from FAR 52.204-21, covering fundamental protections like using passwords, installing antivirus software, and limiting physical access to systems.

Level 1 applies to environments handling Federal Contract Information (FCI) but not Controlled Unclassified Information (CUI). It is typically supported through annual self-assessment and documented evidence of implemented practices.