Federal Contract Information (FCI)
Federal Contract Information (FCI) is information, not intended for public release, that is provided by or generated for the government under a contract. It's a step below CUI in sensitivity — think of routine contract correspondence, delivery schedules, and basic project management data that the government doesn't want published but that isn't formally designated as CUI.
FCI requires a baseline level of protection under CMMC Level 1, which involves 15 fundamental cybersecurity practices like using passwords, limiting physical access, and keeping antivirus software current. These are basic hygiene measures that most businesses should already have in place.
Why It Matters
Correctly distinguishing FCI from CUI helps organizations match their controls, documentation depth, and assessment approach to the sensitivity and risk profile of the data they handle.