CMMC Level 1: Guides, Briefs,
and Practical Compliance Knowledge
These resources help confirm whether CMMC Level 1 applies to your company, what the 15 requirements involve, or how to work through the self-assessment and Supplier Performance Risk System (SPRS) submission process independently.
Actionable Insights
What Comes Up on Every Scoping Call
Each brief reflects a question or gap that appears across multiple first-time Level 1 engagements. These are the questions most companies encounter for the first time on the scoping call.
Explore More Insights From DivIHN
Explore perspectives on security testing, compliance, risk, and the challenges organizations face in today's threat landscape.
Learn what CMMC is, who needs it, and how to determine if your business requires Level 1 compliance for DoD contracts.
Learn the key differences between CMMC Level 1 and Level 2, understand FCI vs. CUI, and determine which CMMC level your DoD contract requires to avoid unnecessary costs or compliance risks.
Understand what CMMC means for DoD subcontractors, how compliance requirements flow down from prime contractors, who must comply, and the steps to determine your CMMC obligations.
Complete CMMC Level 1 self-assessment guide: define scope, work through 15 practices, fix common gaps, and submit your SPRS affirmation.
Prepare for the October 2026 CMMC deadline. Learn how compliance affects DoD contract eligibility, SPRS affirmations, renewals, and subcontractors.