CMMC Level 1
Cybersecurity Maturity Model Certification Level 1 - the 15 FAR 52.204-21 basic safeguarding requirements for DoD contractors handling Federal Contract Information (FCI), self-assessed annually with an affirmation in SPRS
These are the 10 Security Binder documents mapped to CMMC Level 1. Build drafts from guided questions, export them, and finish sensitive proof in your own environment.
Policies
Acceptable Use Policy
Set clear rules for how employees and contractors may use company systems, devices, and data. Commonly requested for cyber insurance and compliance programs.
Acceptable Use Policy guide →Account & Access Control Policy
Define how user accounts, service accounts, and authentication systems are inventoried, managed, and secured.
Account & Access Control Policy guide →Asset & Software Inventory Policy
Define how hardware, software, SaaS, cloud, and data-processing assets are inventoried, owned, reviewed, and retired.
Asset & Software Inventory Policy guide →Data Management Policy
Define how your organization inventories, classifies, handles, retains, and disposes of data across all systems and storage locations.
Data Management Policy guide →Information Security Policy
The overarching policy that defines your organization's commitment to protecting information assets, establishes security principles, and assigns responsibilities.
Information Security Policy guide →Secure Configuration Policy
Establish and maintain secure configuration baselines for enterprise assets and network infrastructure to reduce attack surface.
Secure Configuration Policy guide →Plans
Incident Response Plan
Define how your team detects, contains, and recovers from security incidents, with roles, timelines, and communication steps.
Incident Response Plan guide →Network Architecture Plan
Document your network architecture, segmentation strategy, and security boundaries to maintain visibility and control over network traffic.
Network Architecture Plan guide →Vulnerability Management Plan
Define how your organization identifies, prioritizes, and remediates vulnerabilities across enterprise assets and software.
Vulnerability Management Plan guide →Authoritative references
- Cybersecurity Maturity Model Certification (CMMC) program (U.S. Department of Defense CIO)
- FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems (Acquisition.gov)
Build your CMMC Level 1 document set.
Answer guided questions, generate drafts, and export them for review.
Get started