CMMC 2.0 Level 1
Cybersecurity Maturity Model Certification version 2.0 Level 1 (Foundational). 17 practices mapped to FAR 52.204-21.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (6)
Access Control
| Code | Title |
|---|---|
| AC.L1-3.1.1 | Authorized Access Control |
| AC.L1-3.1.2 | Transaction and Function Control |
| AC.L1-3.1.20 | External Connections |
| AC.L1-3.1.22 | Control Public Information |
Identification and Authentication
| Code | Title |
|---|---|
| IA.L1-3.5.1 | Identification |
| IA.L1-3.5.2 | Authentication |
Media Protection
| Code | Title |
|---|---|
| MP.L1-3.8.3 | Media Disposal |
Physical Protection
| Code | Title |
|---|---|
| PE.L1-3.10.1 | Limit Physical Access |
| PE.L1-3.10.3 | Escort Visitors |
| PE.L1-3.10.4 | Physical Access Logs |
| PE.L1-3.10.5 | Manage Physical Access |
System and Communications Protection
| Code | Title |
|---|---|
| SC.L1-3.13.1 | Boundary Protection |
| SC.L1-3.13.5 | Public-Access System Separation |
System and Information Integrity
| Code | Title |
|---|---|
| SI.L1-3.14.1 | Flaw Remediation |
| SI.L1-3.14.2 | Malicious Code Protection |
| SI.L1-3.14.4 | Update Malicious Code Protection |
| SI.L1-3.14.5 | System and File Scanning |
Your Compliance Coverage
If you comply with CMMC 2.0 Level 1, you already cover:
NIST SP 800-53 Rev 5
100%
17 controls mapped
Compare →CMMC 2.0
100%
17 controls mapped
Compare →NIST Cybersecurity Framework 2.0
24%
4 controls mapped
Compare →+ 5 more: ISO 27001:2022 (6%), ISO 27002:2022 (6%)
See all 8 mapped frameworks ↓Maps to 8 other frameworks
Frequently Asked Questions
What is CMMC 2.0 Level 1?
CMMC 2.0 Level 1 is a compliance framework from United States with 6 domains and 17 controls. Cybersecurity Maturity Model Certification version 2.0 Level 1 (Foundational). 17 practices mapped to FAR 52.204-21. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does CMMC 2.0 Level 1 have?
CMMC 2.0 Level 1 has 17 controls organised across 6 domains. The largest domains are Access Control (4 controls), Physical Protection (4 controls), System and Information Integrity (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does CMMC 2.0 Level 1 map to?
CMMC 2.0 Level 1 maps to 8 other compliance frameworks. The top mapping partners are NIST SP 800-53 Rev 5 (100% coverage), CMMC 2.0 (100% coverage), NIST Cybersecurity Framework 2.0 (24% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with CMMC 2.0 Level 1 compliance?
Start your CMMC 2.0 Level 1 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about CMMC 2.0 Level 1 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 17 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required