CHECKLIST: The 15 Foundational CMMC 2.0 Level 1 Requirements
Navigating cybersecurity for your shop can seem like a labyrinth, especially for manufacturers handling Federal Contract Information (FCI). With the DOD’s CMMC 2.0 final rule posted, we’re here to help simplify the process.
CMMC 2.0 Level 1 is the entry point for compliance, focusing on securing Federal Contract Information (FCI). Unlike higher levels, Level 1 allows for self-assessment, which must be completed annually and reported to the Supplier Performance Risk System (SPRS). To complete a CMMC 2.0 Level 1 self-assessment, manufacturers must follow 15 foundational practices outlined in FAR Clause 52.204-21 and ensure they are implemented across all systems.
To ensure you’re on the easiest path to success, check out our on-demand webinar, How to Streamline Your CMMC 2.0 Compliance. Then, download our comprehensive CMMC 2.0 Level 1 checklist to start your journey toward compliance. The checklist outlines the 15 foundational practices focused on cyber hygiene across your systems. Implementing these controls ensures your shop is mitigating risks and indoctrinating a foundational layer of security to protect FCI.Â
Key Dates to Remember
This phased approach provides contractors with a clear roadmap for achieving compliance while minimizing disruptions*.
- Phase 1: December 16, 2024
Self-assessments become mandatory for all organizations handling FCI or CUI data. Contractors must demonstrate compliance with basic cyber hygiene practices or NIST SP 800-171 controls. Download a checklist of CMMC 2.0 Level 1 requirements. - Phase 2: December 2025
Certain contracts will require third-party certifications (C3PAO) for Level 2 compliance. This phase focuses on contracts involving sensitive or critical defense information. - Phase 3: December 2026
Full certification requirements will extend to all contracts requiring CMMC 2.0 compliance. Self-assessments will no longer suffice for most contracts. - Phase 4: Full CMMC 2.0 Compliance Across the DIB
All contracts requiring CMMC 2.0 compliance will enforce certification, ensuring consistency and security throughout the DIB.
Start Your Free Assessment
If you’re preparing for CMMC 2.0 Level 1 compliance, our technology partner, Carbide, offers a free Self-Assessment Tool to help you navigate the process. This tool provides step-by-step guidance and generates a report identifying any gaps that must be addressed to meet the requirements.
*For more guidance, consult resources such as the DoD’s CMMC documentation and self-assessment guides.
INTRODUCING
Advanced G-Code Management & DNC Platform
The ultimate platform for traceability, compliance, and control so you make it right every time.