MSU SBDC CyberSecurity

Level 1 Header


level 1 graphic image Level 1 requires that an organization performs the specified practices. Because the organization may only be able to perform these practices in an ad-hoc manner and may or may not rely on documentation, process maturity is not assessed for Level 1.

As a basic cyber hygiene level, level 1 focuses on the protection of Federal Contract Information (FCI) and consists only of practices that correspond to the basic safeguarding requirements specified in 48 CFR 52.204-21 ("Basic Safeguarding of Covered Contractor Information Systems").

CMMC Domains

The CMMC model consists of 17 domains. The majority of these domains originate from the security-related areas in Federal Information Processing Standards (FIPS) Publication 200 [12] and the related security requirement families from NIST SP 800-171 [4]. Level 1 consist of the following CMMC domains.

Click each domain to review the practices specified for level 1 accreditation.
AC Domain Button