Level 1 in a Box Materials

CMMC Level 1 in a Box was created to help small companies develop a cybersecurity compliance program for CMMC Level 1 on their own, without having to pay for consulting services. However, implementing a cybersecurity compliance program – even for CMMC Level 1 – requires some IT knowledge. If your company outsources its IT services, you need to work with that company to develop your cybersecurity program.

CMMC Level 1 in a Box can also be used by any company wanting to develop a cybersecurity program for any level of compliance – the tool makes it easy to get started.

The CMMC Level 1 Assessment Guide provides guidance to assessors for conducting a CMMC Level 1 assessment.

Contents of CMMC Level 1 in a Box

  • CMMC Level 1 Guide – an Excel workbook that can be used to manage the development of your cybersecurity program and guide you through the necessary tasks.
    • Network diagram
    • Risk assessment
    • IT Asset Inventory
    • Gap analysis
    • Procedure for each practice
    • Plans to achieve compliance

The Guide also provides a template to help attain and maintain compliance.

  • Data Security Policy Template – CMMC Level 1 does not require that you develop a data security policy, but it is highly recommended, and the template is a tool you can use to develop your policy.