Our organization is CMMC Level 1 Ready and has implemented all 17 required safeguards to protect Federal Contract Information (FCI) in alignment with FAR 52.204-21 and DoD guidance.

We leverage Microsoft 365 Business Standard with Apps, Microsoft Defender, Azure AD (Entra ID), and Intune for technical safeguards, supported by documented HR, IT, and security policies.

The 17 CMMC Level 1 Safeguards

Access Control (AC)

1. Limit information system access to authorized users.
2. Limit information system access to processes acting on behalf of authorized users.
3. Verify and control connections to external systems (e.g., unmanaged devices, third-party access).
4. Control information posted or disseminated publicly.

Identification & Authentication (IA)
5. Identify users uniquely.
6. Authenticate users before granting access (e.g., MFA).

Media Protection (MP)
7. Sanitize or destroy media before disposal or reuse.

Physical Protection (PE)
8. Limit physical access to systems and equipment.

System & Communications Protection (SC)
9. Monitor, control, and protect organizational communications (internal and external).
10. Use cryptographic protections when transmitting FCI.

System & Information Integrity (SI)
11. Identify, report, and correct system flaws promptly (patching/updates).
12. Protect against malicious code (anti-malware).
13. Update malicious code protections when new releases are available.
14. Perform periodic and real-time scans of files.

Personnel Security (PS)
15. Screen individuals before authorizing system access.

Awareness & Training (AT)
16. Train personnel on security risks and safeguards.

Configuration Management (CM)
17. Manage and enforce secure system settings (baselines, hardening).

Our Commitment
We maintain safeguards for FCI through Microsoft 365 technical tools and strong organizational policies, ensuring readiness for audits or verification by the DLA or DoD.