Level 1 of CMMC addresses the protection of Federal Contract Information (FCI) and encompasses the basic safeguarding requirements for FCI specified in Federal Acquisition Regulation (FAR) Clause 52.204-21, which defines FCI as:
Information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public websites) or simple transactional information, such as necessary to process payments
The CMMC assessment procedure leverages the Assessment Procedure defined in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171A Section 2.11: An assessment procedure consists of an assessment objective and a set of potential assessment methods and assessment objects that can be used to conduct the assessment.
This course is intended to invoke knowledge on Assessors responsible for conducting these assessments. Each assessment objective is addressed and includes a determination statement related to the [CMMC practice] that is the subject of the assessment. Further, the determination statements are linked to the content of the [CMMC practice] to ensure traceability of the assessment results to the requirements.
After completing the associated exam, Assessors are: