CMMC Level 1 is the entry-level cybersecurity requirement for DoD contractors handling Federal Contract Information (FCI). Since compliance is mandatory for virtually all contracts involving FCI as of November 10, 2025, this episode breaks down the 15 basic safeguarding practices (aligned with FAR 52.204-21) that you must implement. We guide small businesses through the process: how to scope your systems, ensure you have documented policies for areas like access control and malware defense, and perform the required annual self-assessment. Learn how to properly submit your findings to the DoD Supplier Performance Risk System (SPRS) and secure the mandatory Senior Official Affirmation, while avoiding major pitfalls like underscoping your systems or attempting to use Plans of Action & Milestones (POA&Ms), which are strictly disallowed at Level 1.

Ver todos los episodios