← All framework documents

Assessments

CMMC Level 1 Assessment - FCI Basic Safeguarding

Assess your implementation of the 15 CMMC Level 1 practices (the FAR 52.204-21 basic safeguarding requirements for Federal Contract Information). An internal readiness self-assessment for DoD contractors preparing for the annual Level 1 self-assessment: it is not the official self-assessment, does not produce or submit an SPRS score, and does not confer a CMMC Status.

Use this page to decide whether this assessment belongs in your binder and which supported frameworks can include framework-specific language.

6 guided sections · 30 questions in the wizard

What this assessment covers

  1. 01

    Access Control (AC)

    Assess the four Level 1 Access Control practices: who can reach systems that handle Federal Contract Information (FCI), what they can do there, how external connections are controlled, and what appears on public systems.

  2. 02

    Identification & Authentication (IA)

    Assess the two Level 1 Identification and Authentication practices: identifying users, processes, and devices, and verifying those identities before granting access.

  3. 03

    Media Protection (MP)

    Assess the single Level 1 Media Protection practice: sanitizing or destroying media that contains FCI before it leaves your control.

  4. 04

    Physical Protection (PE)

    Assess the two Level 1 Physical Protection practices: limiting physical access to FCI systems and managing visitors, physical access logs, and access devices.

  5. 05

    System & Communications Protection (SC)

    Assess the two Level 1 System and Communications Protection practices: monitoring and protecting communications at network boundaries, and separating publicly accessible components from the internal network.

  6. 06

    System & Information Integrity (SI)

    Assess the four Level 1 System and Information Integrity practices: fixing flaws in a timely manner, protecting against malicious code, keeping that protection updated, and scanning systems and incoming files.

Decisions this assessment captures

A sample of the guided questions the wizard walks through. Answers stay placeholder-safe in the hosted draft; sensitive specifics are completed in your exported copy.

  • AC.L1-b.1.i: Authorized Access Control
  • IA.L1-b.1.v: Identification
  • MP.L1-b.1.vii: Media Disposal
  • PE.L1-b.1.viii: Limit Physical Access
  • SC.L1-b.1.x: Boundary Protection
  • SI.L1-b.1.xii: Flaw Remediation
  • AC.L1-b.1.i: Evidence or notes
  • IA.L1-b.1.v: Evidence or notes
  • MP.L1-b.1.vii: Evidence or notes
  • PE.L1-b.1.viii: Evidence or notes

Supported framework mappings

When teams need it

  • A customer, insurer, partner, or internal reviewer asks for the document.
  • You need a clear owner, scope, review cadence, and evidence checklist.
  • You want framework-aware wording without starting from a blank template.

What Security Binder generates

  • A structured draft based on your business profile and answers.
  • Framework-aware wording where the product supports that framework mapping.
  • PDF, DOCX, Markdown, and Local Pack exports for review and local finalization.

Create this document from guided questions.

Generate a structured draft, export it, and finish sensitive proof locally.

Get started

Last reviewed: July 2026

Security Binder prepares documentation. It does not guarantee compliance, insurance coverage, or audit acceptance, and it does not substitute for licensed legal or audit review. Framework names are the property of their respective publishers.