Training Courses →

CMMC L1 Compliance Pack

Let us get you to a defensible Level 1 self-assessment

Level 1 is fifteen requirements and an annual self-assessment you affirm yourself, which sounds simple until an auditor asks you to evidence it. We give you the policies, procedures, and evidence logs that stand behind each requirement, plus the scoring workbook to work out and affirm your status in SPRS.

$399 One-time purchase · Every future update included Free sample · real documents · no email required Instant download · Editable Word, Excel & PowerPoint · Single-organization license
CMMC Level 1FAR 52.204-21FCI
Policies and procedures for the FAR 52.204-21 requirements
Evidence logs and a self-assessment workbook
Scope guidance for Federal Contract Information

CMMC is in DoD contracts now. Level 1 is the bar every FCI contractor has to clear.

Since November 2025, CMMC requirements have been appearing in new DoD solicitations. If your systems process, store, or transmit Federal Contract Information, Level 1 is your obligation: an annual self-assessment against the 15 requirements, affirmed in SPRS. There is no third-party assessor at this level, but every one of the 15 has to be met and you have to be able to show it. Primes are already asking subcontractors where they stand.

This pack gets you to a self-assessment you can stand behind: the policies and procedures that satisfy each requirement, the logs that evidence them, and the workbook that scores you against the practice set before you affirm.

What Level 1 requires

The 15 requirements fall across six control areas. The pack carries a policy, a procedure, and an evidence log for each.

1
Access control
An Access Control Policy with a User Access Management Procedure, an access request form, and a register, so only authorized people reach FCI.
2
Identification and authentication
An Identification and Authentication Policy covering unique identities and the authentication the requirements expect.
3
Media protection
A Media Protection Policy and a sanitization and disposal procedure, with a sanitization log to evidence it.
4
Physical protection
A Physical Protection Policy with access and visitor logs and a device register, the evidence assessors look for first.
5
System and communications protection
A System and Communications Protection Policy with an external connection procedure and an inventory of those connections.
6
System and information integrity
A System and Information Integrity Policy with malware protection and patch management procedures, and the scan and patch logs that prove they run.

Get to a self-assessment you can defend

Level 1 is yours to assess and affirm. The pack moves you through it in order.

Step 1 · Scope

An FCI Scoping Guide to draw the boundary of what is actually in assessment scope.

Step 2 · Assess

A Practice Assessment Workbook and Gap Analysis to test yourself against all 15 requirements.

Step 3 · Evidence

An Evidence Collection Checklist, a screenshot guide, and a PowerShell command reference to capture proof.

Step 4 · Affirm

A Compliance Score Calculator and an Annual Self-Assessment Record to score, document, and affirm in SPRS.

What this looks like in practice

A prime asks for your CMMC status

You complete the self-assessment, score it against the 15 requirements, and affirm in SPRS, instead of stalling a contract you are otherwise ready to win.

You start handling FCI on a new contract

The policies and procedures map to every requirement, so the controls are documented from day one rather than reconstructed under audit.

You can see Level 2 coming

An included Level 2 Readiness Guide shows the gap to the 110-control standard, so the move up is planned rather than a scramble.

Clear Level 1 with a self-assessment you can stand behind.

Editable Word and Excel · Policies, procedures, evidence logs, and scoring · Buy once, and we send you every future update

Who it's for

Subcontractors and suppliers in the DoD supply chain that handle Federal Contract Information, any firm a prime has asked for a CMMC status, and organizations that will face Level 2 later and want the foundation in place now. The Level 1 self-assessment is performed and affirmed by you; this pack is what makes it defensible.

See inside

Real pages from the documents

A free sample from the CMMC L1 Compliance Pack. No email required, open it and judge the quality for yourself.

Sample page from the CMMC L1 Compliance PackSample page from the CMMC L1 Compliance PackSample page from the CMMC L1 Compliance Pack

Open the full sample

What is inside

Every document in the pack

39 documents, mapped to CMMC Level 1 / FAR 52.204-21 (FCI). Buy once, and every future update is included.

Start Here · 2 documents
CMMC-CHK-001Self Assessment ChecklistWord
CMMC Kit License AgreementWord
Policies · 8 documents
CMMC-POL-001-FCIProtection PolicyWord
CMMC-POL-002Access Control PolicyWord
CMMC-POL-003Identification Authentication PolicyWord
CMMC-POL-004Media Protection PolicyWord
CMMC-POL-005Physical Protection PolicyWord
CMMC-POL-006System Communications Protection PolicyWord
CMMC-POL-007System Information Integrity PolicyWord
CMMC-POL-008Acceptable Use PolicyWord
Procedures · 6 documents
CMMC-PROC-001User Access Management ProcedureWord
CMMC-PROC-002External System Connection ProcedureWord
CMMC-PROC-003Media Sanitisation Disposal ProcedureWord
CMMC-PROC-004Physical Access Control ProcedureWord
CMMC-PROC-005Malware Protection ProcedureWord
CMMC-PROC-006Vulnerability Patch Management ProcedureWord
Forms Templates · 11 documents
CMMC-FRM-001User Access Request FormExcel
CMMC-FRM-002User Access RegisterExcel
CMMC-FRM-003External Connections InventoryExcel
CMMC-FRM-004Asset System InventoryExcel
CMMC-FRM-005Media Sanitisation LogExcel
CMMC-FRM-006Physical Access LogExcel
CMMC-FRM-007Visitor LogExcel
CMMC-FRM-008Physical Access Device RegisterExcel
CMMC-FRM-009Malware Scan LogExcel
CMMC-FRM-010Patch Management LogExcel
CMMC-FRM-011Annual Self Assessment RecordWord
Self Assessment · 4 documents
CMMC-ASSESS-001Practice Assessment WorkbookExcel
CMMC-ASSESS-002Evidence Collection ChecklistExcel
CMMC-ASSESS-003Gap Analysis TemplateExcel
CMMC-ASSESS-004Compliance Score CalculatorExcel
Guides · 5 documents
CMMC-GUIDE-001Quick Start GuideWord
CMMC-GUIDE-002-FCIScoping GuideWord
CMMC-GUIDE-003Self Assessment Preparation GuideWord
CMMC-GUIDE-004Level 1 FAQWord
CMMC-GUIDE-005Level 2 Readiness GuideWord
Technical Verification · 3 documents
CMMC-VERIFY-001Practice Verification ChecklistWord
CMMC-VERIFY-002Evidence Screenshot GuideWord
CMMC-VERIFY-003PowerShell Command ReferenceWord

Want to see the quality behind the titles? Preview a sample document →

Works well with

CMMC L2 Compliance Pack

CMMC L2 Compliance Pack

$1,497
CMMC Level 2NIST SP 800-171CUI
SME Security Program Pack

SME Security Program Pack

$497
NIST CSF 2.0ISO 27001CIS Controls v8

Document Customization

Need this customized to your organization?

Complete an intake form. We customize every document: industry context, regulatory mapping, calibrated parameters. Delivered in 7-10 business days.

Learn More →

Need the skills to operate the program? Our training platform builds the capability. Explore courses →

Related products

CMMC L2 Compliance Pack

CMMC L2 Compliance Pack

$1,497
CMMC Level 2NIST SP 800-171CUI
SME Security Program Pack

SME Security Program Pack

$497
NIST CSF 2.0ISO 27001CIS Controls v8
Cyber Essentials Pack

Cyber Essentials Pack

$200
Cyber EssentialsNCSC Five ControlsIASME

Ready to strengthen your security program?

Get started with professional, audit-ready documentation today.

Buy Now · $399 View All Products
CMMC L1 Compliance Pack $399 Preview Buy Now