--- title: "CHECKLIST: The 15 Foundational CMMC 2.0 Level 1 Requirements" date: 2024-12-09 11:33:41 description: "Download our comprehensive CMMC 2.0 Level 1 checklist to start your journey toward cyber hygiene compliance." keywords: "CMMC 2.0 Level 1" categories: [eBooks & Infosheets, The Datanomix Blog] tags: [Carbide, checklist, CMMC 2.0, Cyber Security, DoD, G-Code, Technology Partner] --- ## Navigating cybersecurity for your shop can seem like a labyrinth, especially for manufacturers handling Federal Contract Information (FCI). With the DoD’s CMMC 2.0 final rule posted, we’re here to help simplify the process. CMMC 2.0 Level 1 is the entry point for compliance, focusing on securing Federal Contract Information (FCI). Unlike [higher levels](https://datanomix.io/2024/09/23/how-manufacturers-can-get-secure-and-avoid-government-risk-with-cmmc-compliance/), Level 1 allows for self-assessment, which must be completed annually and reported to the [Supplier Performance Risk System](https://www.sprs.csd.disa.mil/) (SPRS). To complete a CMMC 2.0 Level 1 self-assessment, manufacturers must follow 15 foundational practices outlined in [FAR Clause 52.204-21](https://www.acquisition.gov/far/52.204-21) and ensure they are implemented across all systems. To ensure you’re on the easiest path to success, check out our on-demand webinar, [_**How to Streamline Your CMMC 2.0 Compliance**_](https://datanomix.io/2024/09/17/webinar-how-to-streamline-your-cmmc-2-0-compliance/). Then, [**download our comprehensive CMMC 2.0 Level 1 checklist**](https://6402824.fs1.hubspotusercontent-na1.net/hubfs/6402824/CMMC/15CMMC_Level1Requirments_Checklist.pdf) to start your journey toward compliance. The checklist outlines the 15 foundational practices focused on cyber hygiene across your systems. Implementing these controls **establishes** a foundational layer of security to protect FCI and helps your shop mitigate risk. [Get the Checklist](https://6402824.fs1.hubspotusercontent-na1.net/hubfs/6402824/CMMC/15CMMC_Level1Requirments_Checklist.pdf) ### Key Dates to Remember [This phased approach](https://datanomix.io/2024/10/22/the-cmmc-rule-is-final-posted-by-the-dod/) provides contractors with a clear roadmap for achieving compliance while minimizing disruptions*. - **Phase 1 — November 10, 2025 (now in effect):** CMMC clauses began appearing in new DoD solicitations and contract awards. Self-assessments (Level 1 and Level 2) are required as a condition of award for applicable contracts. The DoD has discretion to require third-party (C3PAO) Level 2 certification on prioritized contracts during this phase. [Learn more about the 48-CFR rule here](https://www.nationaldefensemagazine.org/articles/2025/9/9/cmmc-phase-1-to-begin-nov-10). - **Phase 2 — November 10, 2026:** Third-party C3PAO-assessed Level 2 becomes the default for contracts involving CUI. Self-assessments stop counting for CUI work. Level 3 assessments become available at DoD’s discretion. - **Phase 3 — November 10, 2027:** Level 2 (C3PAO) becomes a condition for option exercises on existing contracts, not just new awards. Level 3 (DIBCAC) assessment requirements become mandatory in applicable solicitations. - **Phase 4 — November 10, 2028:** Full implementation. CMMC requirements apply to all applicable DoD contracts, solicitations, and option periods above the micro-purchase threshold that handle FCI or CUI. [](https://6402824.fs1.hubspotusercontent-na1.net/hubfs/6402824/CMMC/15CMMC_Level1Requirments_Checklist.pdf) ### Start Your Free Assessment If you’re preparing for CMMC 2.0 Level 1 compliance, our technology partner, Carbide, offers a [free Self-Assessment Tool](https://carbidesecure.com/cmmc-level-1-questionnaire/) to help you navigate the process. This tool provides step-by-step guidance and generates a report identifying any gaps that must be addressed to meet the requirements. [START YOUR FREE ASSESSMENT](https://carbidesecure.com/cmmc-level-1-questionnaire/) _*For more guidance, consult resources such as the [DoD’s CMMC documentation and self-assessment guides](https://dodcio.defense.gov/cmmc/Resources-Documentation/)._ #### BUILT FOR CMMC 2.0 ## G-Code Management & DNC Platform The G-code piece of your CMMC plan. Traceability, compliance, and control — all in a GovCloud-hosted platform. [Learn More](https://datanomix.io/datanomix-g-code-cloud/) [](https://datanomix.io/datanomix-g-code-cloud/)