Assessments
CMMC Level 1 Assessment - FCI Basic Safeguarding
Assess your implementation of the 15 CMMC Level 1 practices (the FAR 52.204-21 basic safeguarding requirements for Federal Contract Information). An internal readiness self-assessment for DoD contractors preparing for the annual Level 1 self-assessment: it is not the official self-assessment, does not produce or submit an SPRS score, and does not confer a CMMC Status.
Use this page to decide whether this assessment belongs in your binder and which supported frameworks can include framework-specific language.
6 guided sections · 30 questions in the wizard
What this assessment covers
- 01
Access Control (AC)
Assess the four Level 1 Access Control practices: who can reach systems that handle Federal Contract Information (FCI), what they can do there, how external connections are controlled, and what appears on public systems.
- 02
Identification & Authentication (IA)
Assess the two Level 1 Identification and Authentication practices: identifying users, processes, and devices, and verifying those identities before granting access.
- 03
Media Protection (MP)
Assess the single Level 1 Media Protection practice: sanitizing or destroying media that contains FCI before it leaves your control.
- 04
Physical Protection (PE)
Assess the two Level 1 Physical Protection practices: limiting physical access to FCI systems and managing visitors, physical access logs, and access devices.
- 05
System & Communications Protection (SC)
Assess the two Level 1 System and Communications Protection practices: monitoring and protecting communications at network boundaries, and separating publicly accessible components from the internal network.
- 06
System & Information Integrity (SI)
Assess the four Level 1 System and Information Integrity practices: fixing flaws in a timely manner, protecting against malicious code, keeping that protection updated, and scanning systems and incoming files.
Decisions this assessment captures
A sample of the guided questions the wizard walks through. Answers stay placeholder-safe in the hosted draft; sensitive specifics are completed in your exported copy.
- AC.L1-b.1.i: Authorized Access Control
- IA.L1-b.1.v: Identification
- MP.L1-b.1.vii: Media Disposal
- PE.L1-b.1.viii: Limit Physical Access
- SC.L1-b.1.x: Boundary Protection
- SI.L1-b.1.xii: Flaw Remediation
- AC.L1-b.1.i: Evidence or notes
- IA.L1-b.1.v: Evidence or notes
- MP.L1-b.1.vii: Evidence or notes
- PE.L1-b.1.viii: Evidence or notes
Supported framework mappings
When teams need it
- A customer, insurer, partner, or internal reviewer asks for the document.
- You need a clear owner, scope, review cadence, and evidence checklist.
- You want framework-aware wording without starting from a blank template.
What Security Binder generates
- A structured draft based on your business profile and answers.
- Framework-aware wording where the product supports that framework mapping.
- PDF, DOCX, Markdown, and Local Pack exports for review and local finalization.
Create this document from guided questions.
Generate a structured draft, export it, and finish sensitive proof locally.
Get started