LakeRidge Blog
CMMC Level 1 & FAR 52.204-21
Guides and checklists for every FAR 52.204-21 basic safeguarding requirement and CMMC 2.0 Level 1 practice — how defense contractors handling FCI implement, document, and prove each control.
Need help putting this into practice? See our CMMC Level 1 compliance services or the CMMC handbook.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.II: Practical Exercises to Enforce Authorized Functions Only
Practical, exercise-driven guidance for training admins and users to enforce 'authorized functions only' under FAR 52.204-21 and CMMC 2.0 Level 1, with small-business examples and measurable compliance artifacts.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.II: Train Administrators and Users to Enforce Transaction-Level Access Controls
Practical, step-by-step guidance for training admins and users to implement transaction-level access controls required by FAR 52.204-21 and CMMC 2.0 Level 1, with examples, checklists, and measurable evidence for audits.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XIII: Secure BYOD and OT Devices with Lightweight Anti-Malware
Practical steps for small businesses to meet FAR 52.204-21 and CMMC 2.0 Level 1 SI.L1-B.1.XIII by deploying lightweight anti-malware on BYOD and OT devices with compensating controls where agents are infeasible.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.XI: Step-by-Step: Migrating Public Services into Isolated Subnetworks Without Downtime
Practical, step-by-step guidance for small businesses to migrate public-facing services into isolated subnetworks (DMZ/private subnets) without downtime to meet FAR 52.204-21 and CMMC 2.0 Level 1 SC.L1-B.1.XI requirements.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.X: Use Open-Source Tools to Monitor Organizational Communications
Practical guide showing how small organizations can use open-source network, host, and log-monitoring tools to meet FAR 52.204-21 / CMMC 2.0 Level 1 monitoring expectations for organizational communications.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XV: Train Staff and Integrate Scan Workflows into Incident Response for Files Downloaded or Executed
Practical, step-by-step guidance to train staff and embed automated/manual scanning into incident response workflows to meet FAR 52.204-21 and CMMC 2.0 Level 1 (SI.L1-B.1.XV) requirements for files downloaded or executed.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.X: Train Operations Teams and Operationalize Monitoring of External/Internal Boundaries
Practical guidance for operations teams to define, monitor, and respond to external/internal network boundary events to meet FAR 52.204-21 and CMMC 2.0 Level 1 monitoring expectations.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.VIII: Implement Temporary Access Controls and Emergency Procedures
Practical, step-by-step guidance for implementing temporary access controls and emergency procedures that satisfy FAR 52.204-21 and CMMC 2.0 Level 1 while keeping small-business operations running smoothly.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Train Your Team on Secure Media Destruction for Federal Contract Information
Practical, step‑by‑step guidance to train small business teams on secure media destruction to meet FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.VII requirements while preserving evidence and minimizing risk.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.X: Train Staff to Monitor and Control Communications
Practical, step-by-step guidance to train staff to monitor and control communications and meet FAR 52.204-21 and CMMC 2.0 Level 1 SC.L1-B.1.X requirements, including policies, playbooks, tools, and tabletop exercises for small businesses.
CMMC Level 1 ·Apr 2026
IA.L1-B.1.V: Train IT Teams to Enforce Identification Requirements
Practical, exercise-based guidance for IT teams to enforce identification and authentication requirements under FAR 52.204-21 and CMMC 2.0 Level 1, with small-business examples and technical implementation tips.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.II: Test and Validate Transaction-Level Access Controls with Practical Use Cases
Step-by-step guidance to test and validate transaction-level access controls for FAR 52.204-21 and CMMC 2.0 Level 1 (AC.L1-B.1.II), with practical tools, examples, and audit-ready evidence for small businesses.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Integrate Media Sanitization into Your Incident Response and Asset Lifecycle
Practical guidance for small businesses to integrate media sanitization into incident response and asset lifecycle processes to meet FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.VII requirements.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Implementing Procedures to Sanitize or Destroy Media Containing FCI
Practical training steps, procedures, and verification techniques to ensure staff properly sanitize or destroy media containing Federal Contract Information to meet FAR 52.204-21 and CMMC 2.0 Level 1 requirements.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.VIII: Prepare Audit Evidence and Maintain Continuous Compliance
Practical steps, evidence examples, and continuous-monitoring techniques to demonstrate and maintain compliance with FAR 52.204-21 / CMMC 2.0 Level 1 physical protection control PE.L1-B.1.VIII for small contractors.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XII: Implement Rapid Patch Management to Correct Information System Flaws
Practical, step-by-step guidance for small businesses to implement rapid patch management that meets FAR 52.204-21 and CMMC 2.0 Level 1 SI.L1-B.1.XII requirements while reducing exposure to exploited vulnerabilities.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.I: Step-by-Step Guide to Restricting System Access to Authorized Users, Processes, and Devices
Practical, step-by-step guidance for meeting FAR 52.204-21 and CMMC 2.0 Level 1 AC.L1-B.1.I by restricting system access to authorized users, processes, and devices with real-world examples for small businesses.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Implement Chain-of-Custody and Reuse Verification for Media Containing FCI
Step-by-step how-to for small businesses to implement chain-of-custody and reuse verification for media containing Federal Contract Information (FCI) to meet FAR 52.204‑21 and CMMC 2.0 Level 1 requirements.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.II: Configure Windows, Linux, and Cloud Permissions to Limit User Transactions
Step-by-step guidance to configure Windows, Linux, and cloud permissions to restrict user transactions and meet FAR 52.204-21 / CMMC 2.0 Level 1 requirements using least privilege, logging, and automation.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XV: Select and Deploy Tools for Real-Time Scanning of External Files and Periodic System Scans
Practical guidance for selecting, configuring, and evidencing real-time external file scanning and periodic system scans to meet FAR 52.204-21 and CMMC 2.0 Level 1 SI.L1-B.1.XV requirements.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XIV: Configure Automatic Updates for Endpoint Malware Tools
Step-by-step guidance for small businesses to configure automatic updates for endpoint malware tools to meet FAR 52.204-21 and CMMC 2.0 Level 1 requirements while maintaining audit evidence and operational reliability.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XIV: Build a Patch-and-Update Workflow to Keep Malicious Code Protection Current
Step-by-step guidance for building a repeatable patch-and-update workflow that keeps anti-malware and system protections current to meet FAR 52.204-21 and CMMC 2.0 Level 1 SI.L1-B.1.XIV requirements.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XIII: Build a Compliance Checklist
A practical, step-by-step guide to building a compliance checklist for FAR 52.204-21 and CMMC 2.0 Level 1 (SI.L1-B.1.XIII) covering risk assessment, technical controls, evidence collection, and continuous monitoring for small businesses.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Practical Tools and Methods to Sanitize Hard Drives and Flash Media
Practical, step-by-step guidance and tool recommendations to sanitize HDDs, SSDs, and removable flash media in ways that support FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.V.II compliance while enabling verifiable records and low-cost implementation for small businesses.
CMMC Level 1 ·Apr 2026
IA.L1-B.1.V: Practical Checklist: Identify Information System Users, Processes Acting on Behalf of Users, and Devices
A concise, practical checklist to inventory and identify all users, service processes acting on their behalf, and devices to meet FAR 52.204-21 / CMMC 2.0 Level 1 IA.L1-B.1.V requirements for small and midsize organizations.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Use Checklists and Templates to Dispose of Federal Contract Information Media Compliantly
Practical, step-by-step guidance and ready-to-adapt checklist/template fields to dispose of Federal Contract Information media in compliance with FAR 52.204-21 and CMMC 2.0 Level 1 (MP.L1-B.1.VII).
CMMC Level 1 ·Apr 2026
SC.L1-B.1.XI: Create a Step-by-Step Network Segmentation Checklist to Implement
A practical, step-by-step network segmentation checklist to help small businesses meet FAR 52.204-21 and CMMC 2.0 Level 1 SC.L1-B.1.XI requirements while documenting evidence for the FAR 52.204-21 / CMMC Level 1 framework.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.X: Configure Firewalls and Traffic Filters
Step-by-step, practical guidance for small businesses to configure firewalls and traffic filters to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 (SC.L1-B.1.X) requirements, with sample rules, commands, and audit evidence suggestions.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.XI: Build Physical and Logical Subnetworks on AWS
A practical, hands-on guide showing how small businesses can design AWS account/VPC/subnet architectures, networking controls, and monitoring to meet SC.L1-B.1.XI (FAR 52.204-21 / CMMC 2.0 Level 1) basic safeguarding requirements.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XV: Select and Deploy Scanning Tools That Meet Requirements
Practical guidance for small businesses to select, configure, and operate vulnerability and malware scanning tools that produce auditable evidence for FAR 52.204-21 and CMMC 2.0 Level 1 SI.L1-B.1.XV requirements.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.VIII: Prepare for an Audit: Evidence and Documentation to Demonstrate Compliance
Practical guidance and an evidence checklist for small businesses to demonstrate compliance with FAR 52.204-21 / CMMC 2.0 Level 1 (PE.L1-B.1.VIII) through physical access and safeguarding documentation.
CMMC Level 1 ·Apr 2026
How to Implement Low-Cost, High-Impact Controls for FAR 52.204-21 / CMMC 2.0 Level 1 in Small Defense Contractors
Practical, budget-friendly steps small defense contractors can apply right away to meet FAR 52.204-21 / CMMC 2.0 Level 1 basic safeguarding requirements under the FAR 52.204-21 / CMMC Level 1 framework.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.XI: Design Cloud Subnetworks in AWS/Azure/GCP for Public-Facing Components
Practical playbook for designing AWS/Azure/GCP subnetworks for public-facing components to meet FAR 52.204-21 and CMMC 2.0 Level 1 SC.L1-B.1.XI requirements, with step-by-step configuration, examples, and audit evidence guidance.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.VIII: Step-by-Step Guide: How to Zone Your Facility and Restrict Equipment Access for Compliance
Practical, step-by-step instructions to zone your facility and restrict equipment access to meet FAR 52.204-21 and CMMC 2.0 Level 1 physical access requirements for small businesses.
CMMC Level 1 ·Apr 2026
IA.L1-B.1.V: Step-by-Step Checklist to Identify Information System Users, Processes Acting on Behalf of Users, and Devices
A practical, step-by-step checklist to identify and document users, processes acting on behalf of users, and devices to meet FAR 52.204-21 and CMMC 2.0 Level 1 IA.L1-B.1.V requirements.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.X: 10 Actions to Monitor, Control, and Protect Communications at External/Internal Boundaries
Practical 10-step checklist to implement FAR 52.204-21 / CMMC 2.0 L1 control SC.L1-B.1.X for monitoring, controlling, and protecting communications at internal and external boundaries.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.XI: Implement Subnetworks in AWS/GCP/Azure for Publicly Accessible Components
Practical, platform-specific steps to place public-facing cloud components in dedicated subnetworks to meet FAR 52.204-21 and CMMC 2.0 Level 1 SC.L1-B.1.XI requirements while minimizing exposure.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XIII: Implement File, Web, and Email Scanning
Practical guidance for small businesses on implementing file, web, and email scanning to meet FAR 52.204-21 and CMMC 2.0 Level 1 basic cyber hygiene requirements, including tools, configuration examples, and best practices.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.VIII: Build a Compliance Checklist and Implementation Timeline to Limit Physical Access for DoD Contractors
Step-by-step guidance and a ready-to-use checklist plus timeline to limit physical access and meet FAR 52.204-21 / CMMC 2.0 Level 1 physical protection expectations for DoD contractors.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.I: Configuring AD, MFA, and Network Segmentation
Practical, step-by-step guidance for configuring Active Directory, multi-factor authentication, and network segmentation to meet FAR 52.204-21 / CMMC 2.0 Level 1 (AC.L1-B.1.I) requirements for small and mid-sized businesses.
CMMC Level 1 ·Apr 2026
IA.L1-B.1.V: Implement User, Process, and Device Identification Controls to Achieve
Practical, step-by-step guidance for small businesses to implement user, process, and device identification and authentication controls required by FAR 52.204-21 and CMMC 2.0 Level 1 IA.L1-B.1.V.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.VIII: Step-by-Step Guide to Limiting Physical Access to Information Systems
Practical, step-by-step guidance for small businesses to meet FAR 52.204-21 / CMMC 2.0 Level 1 PE.L1-B.1.VIII by limiting physical access to information systems with low-cost, auditable controls.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.IX: Deploy a Visitor Management System Integrated with Audit Logging
Step-by-step guidance for deploying a visitor management solution that integrates with centralized audit logging to meet FAR 52.204-21 and CMMC 2.0 Level 1 (PE.L1-B.1.IX) physical access and audit requirements.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Choose Between Software Erasure, Degaussing, and Physical Destruction for FCI
A practical decision guide for small businesses on choosing software erasure, degaussing, or physical destruction to sanitize media holding Federal Contract Information under FAR 52.204-21 and CMMC 2.0 Level 1.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Choose and Use Media Sanitization Tools
Practical guidance for selecting and using media sanitization tools — inventory, methods (clear/purge/destroy), tools for HDDs and SSDs, verification and recordkeeping — to comply with FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.V1II.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Choose and Use Approved Tools to Sanitize or Destroy Hard Drives, SSDs, and USBs Holding FCI
Step-by-step guidance to select and operate approved sanitization and destruction tools for hard drives, SSDs, and USBs holding Federal Contract Information to meet FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.VII.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XV: Choose and Configure AV/EDR Tools for External File Scanning
Practical, step‑by‑step guidance for selecting and configuring AV/EDR file‑scanning controls to meet FAR 52.204‑21 and CMMC 2.0 Level 1 SI.L1‑B.1.XV requirements while keeping small business operations efficient.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XII: Build an Audit-Ready Compliance Checklist to Identify, Report, and Correct Flaws
Step-by-step guidance to implement SI.L1-B.1.XII to identify, report, and correct flaws for FAR 52.204-21 / CMMC 2.0 Level 1 compliance, including checklist templates and implementation tips.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.I: Checklist: 10 Practical Steps to Limit Access to Authorized Users, Processes, and Systems
A practical 10-step checklist to help small businesses meet FAR 52.204-21 and CMMC 2.0 Level 1 AC.L1-B.1.I by restricting access to only authorized users, processes, and systems.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.X: Step-by-Step Guide to Configuring Network Segmentation to Monitor and Protect Communications
Practical, step‑by‑step guidance for small contractors to implement network segmentation, monitoring, and protections that support FAR 52.204-21 and CMMC 2.0 Level 1 communications controls.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Prepare for a CMMC Assessment: Demonstrating
Practical, step-by-step guidance to meet FAR 52.204-21 and CMMC 2.0 Level 1 (MP.L1-B.1.VII) media sanitization and destruction requirements — policies, technical methods, evidence collection, and small-business examples.
CMMC Level 1 ·Apr 2026
IA.L1-B.1.VI: Implement Low-Cost Identity Verification and Authentication Controls
Practical, low-cost steps for small contractors to meet FAR 52.204-21 / CMMC 2.0 Level 1 IA.L1-B.1.VI identity verification and authentication controls using built-in cloud features, MFA, and documented processes.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Build a Compliant Media Sanitization Procedure for FCI
Step-by-step guidance to develop a FAR 52.204-21 and CMMC 2.0 Level 1 compliant media sanitization procedure for Federal Contract Information (FCI), with practical checklists and ready-to-use template language.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XIII: Select and Configure Cost-Effective Anti-Malware Solutions for Small Contractors
Practical guidance for small contractors to select, configure, document, and operate low-cost anti-malware controls that meet FAR 52.204-21 and CMMC 2.0 Level 1 SI.L1-B.1.XIII requirements.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.I: End-to-End Implementation Guide
Practical, step-by-step guidance to integrate Identity and Access Management (IAM) with Mobile Device Management (MDM) so small businesses can meet FAR 52.204-21 and CMMC 2.0 Level 1 (AC.L1-B.1.I) requirements for device access control and basic safeguarding.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.X: 30-Day Implementation Checklist for Monitoring, Controlling, and Protecting Communications
A practical 30-day checklist to implement monitoring, control, and protection of communications to meet FAR 52.204-21 / CMMC 2.0 Level 1 SC.L1-B.1.X requirements for small businesses.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Implement a 7-Step Checklist for Destroying or Sanitizing Media with FCI
A practical 7-step checklist for securely destroying or sanitizing media that contains Federal Contract Information (FCI) to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.VII requirements.
CMMC Level 1 ·Apr 2026
IA.L1-B.1.V: Create a Quick Implementation Checklist for Identifying Users, Agents, and Devices
A concise, actionable guide to building a fast implementation checklist that helps small businesses identify and track users, software agents, and devices to meet FAR 52.204-21 and CMMC 2.0 Level 1 IA.L1-B.1.V requirements.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.III: Configure Firewalls, VPNs, and Policies to Control External Connections
Practical step-by-step guidance for small businesses to configure firewalls, VPNs, and access policies to control external connections and meet FAR 52.204-21 / CMMC 2.0 Level 1 AC.L1-B.1.III requirements.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.XI: Configure AWS VPC Subnets to Separate Publicly Accessible Components from Internal Networks
Practical, step-by-step guidance for designing AWS VPC subnet architecture that separates public-facing components from internal networks to meet FAR 52.204-21 and CMMC 2.0 Level 1 SC.L1-B.1.XI requirements.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.XI: Practical Checklist: Creating Physically or Logically Separated Subnetworks for Public-Facing Components
Step-by-step checklist and pragmatic implementation guidance for separating public-facing components into physically or logically isolated subnetworks to meet FAR 52.204-21 and CMMC 2.0 Level 1 SC.L1-B.1.XI.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.II: Implement Role-Based Access Control in Active Directory to Limit Information System Access
Practical, step-by-step guidance for implementing Role-Based Access Control (RBAC) in Active Directory to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 access-limiting requirements.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XV: Choose and Configure Scanning Tools for Cloud Storage and External File Sources
Practical guidance to select and configure cloud and external-file scanning to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 SI.L1-B.1.XV, with implementation patterns, tool choices, and small-business examples.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.VII: Build an Implementation Plan with Templates and Timelines for Physical Access Control Compliance
Step-by-step implementation plan, templates, and realistic timelines to meet physical access control requirements under FAR 52.204-21 and CMMC 2.0 Level 1 (PE.L1-B.1.VII) for small businesses.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XIII: Step-by-Step Guide to Configuring Malware Protection for Cloud and On-Prem Systems
Practical, step-by-step guidance to deploy and evidence malware protection across cloud and on-prem systems to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 SI.L1-B.1.XIII requirements.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.XI: Implement subnetworks in AWS/Azure for publicly accessible system components for compliance
Practical, step-by-step guidance for segregating publicly accessible components into subnetworks in AWS and Azure to meet FAR 52.204-21 and CMMC 2.0 Level 1 SC.L1-B.1.XI requirements.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.I: Step-by-Step Guide to Limiting System Access to Authorized Users, Processes, and Devices
Step-by-step, practical guidance for meeting FAR 52.204-21 and CMMC 2.0 Level 1 AC.L1-B.1.I by limiting access to authorized users, processes, and devices using policies, technical controls, and monitoring.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.IX: Implement Automated Visitor Tracking and Physical Access Device Controls
Practical, step-by-step guidance for small businesses to implement automated visitor tracking and physical access device controls to meet FAR 52.204-21 and CMMC 2.0 Level 1 PE.L1-B.1.IX requirements.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.III: Create Policies, Procedures, and a Compliance Checklist to Verify External Information System Connections
Step-by-step guidance to build policies, procedures, and a practical checklist to verify and authorize external information system connections for FAR 52.204-21 and CMMC 2.0 Level 1 (AC.L1-B.1.III).
CMMC Level 1 ·Apr 2026
PE.L1-B.1.IX: Build a Visitor Escort and Monitoring Program
Step-by-step guidance for small businesses on building a visitor escort and monitoring program to meet FAR 52.204-21 and CMMC 2.0 Level 1 PE.L1-B.1.IX, with policies, technical controls, and ready-to-use log templates.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.X: Step-by-Step Implementation Checklist for Monitoring External and Internal Boundaries to Achieve
Practical, step-by-step checklist to monitor external and internal network boundaries so small businesses can satisfy FAR 52.204-21 and CMMC 2.0 Level 1 SC.L1-B.1.X requirements.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.XI: Step-by-Step Guide: Implementing VLAN and Subnetwork Segmentation for Public Systems
Practical, step-by-step guidance for small businesses to implement VLAN and subnet segmentation to meet FAR 52.204-21 and CMMC 2.0 Level 1 SC.L1-B.1.XI requirements while reducing risk and producing audit evidence.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Use 7 Practical Methods to Sanitize or Destroy Media Containing Federal Contract Information
Practical, actionable guidance on 7 proven methods to sanitize or destroy media holding Federal Contract Information to meet FAR 52.204-21 and CMMC 2.0 Level 1 requirements.
CMMC Level 1 ·Apr 2026
IA.L1-B.1.V: Implement User and Device Identification
Step-by-step guidance for small businesses to implement user and device identification that satisfies FAR 52.204‑21 and CMMC 2.0 Level 1 IA.L1-B.1.V requirements, with practical tools, examples, and audit evidence recommendations.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.X: Implement Network Segmentation and Key Internal Boundary Controls for CMMC Compliance
Practical, step-by-step guidance for small businesses to design and operate network segmentation and internal boundary controls to meet FAR 52.204-21 / CMMC 2.0 Level 1 SC.L1-B.1.X requirements.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Implement Media Sanitization for Common Devices (HDDs, SSDs, USBs, Mobile) Containing Federal Contract Information Before Reuse or Disposal
Step-by-step, device-specific media sanitization guidance to meet FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.VII requirements for HDDs, SSDs, USBs, and mobile devices.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.IX: Implement Low-Cost Physical Access Controls and Visitor Logging to Achieve
Practical, low-cost steps small businesses can implement today to meet FAR 52.204-21 and CMMC 2.0 Level 1 physical access and visitor logging requirements while reducing risk and audit exposure.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.VIII: Create a Practical Implementation Checklist and Timeline for Small Businesses
Practical step-by-step checklist and 6–8 week timeline to implement PE.L1-B.1.VIII physical protection controls for small businesses to meet FAR 52.204-21 and CMMC 2.0 Level 1 expectations.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Step-by-Step Guide to Sanitizing or Destroying Media Containing Federal Contract Information
Practical, step-by-step guidance for small businesses to sanitize or destroy media containing Federal Contract Information to meet FAR 52.204-21 and CMMC 2.0 Level 1 requirements.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XV: Implementation Checklist: Periodic Information System Scans and Real-Time File Scanning
Step-by-step checklist to implement periodic system scans and real-time file scanning to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 Control SI.L1-B.1.XV for small contractors.
CMMC Level 1 ·Apr 2026
IA.L1-B.1.VI: Implement Multi-Factor Authentication to Authenticate Users, Processes, and Devices
Step-by-step, practical guidance for implementing multi-factor authentication for users, processes, and devices to meet FAR 52.204-21 and CMMC 2.0 Level 1 IA.L1-B.1.VI compliance.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Step-by-Step Media Sanitization and Destruction for Federal Contract Information
Step-by-step guidance for small businesses to meet FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.VII by sanitizing and destroying media that contain Federal Contract Information (practical methods, tools, and recordkeeping).
CMMC Level 1 ·Apr 2026
IA.L1-B.1.V: Step-by-Step Guide to Identifying Information System Users, Processes, and Devices
Practical, step-by-step guidance for small businesses to meet FAR 52.204-21 and CMMC 2.0 Level 1 IA.L1-B.1.V by identifying and inventorying users, processes, and devices across their information systems.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.XI: Configure AWS VPC Subnets and Security Groups to Separate Public and Internal Networks
Step-by-step guidance to design AWS VPC subnets and security groups that separate public-facing systems from internal networks to meet FAR 52.204-21 and CMMC 2.0 Level 1 control SC.L1-B.1.XI.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XII: Implement Continuous Monitoring and Metrics to Demonstrate Compliance
Step-by-step, practical guidance for small contractors to implement continuous monitoring and measurable metrics that demonstrate compliance with FAR 52.204-21 and CMMC 2.0 Level 1 SI.L1-B.1.XII.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XIV: Configure endpoint protection and EDR for automatic release updates to meet compliance
Practical, step-by-step guidance for configuring endpoint protection and EDR automatic release updates to satisfy FAR 52.204-21 / CMMC Level 1 requirements, FAR 52.204-21, and CMMC 2.0 Level 1 SI.L1-B.1.XIV.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XIV: Configure Automatic Signature and Engine Updates for AV/EDR to Ensure Malicious Code Protection
Step-by-step guidance to configure automatic signature and engine updates for AV/EDR to meet FAR 52.204-21 and CMMC 2.0 Level 1 control SI.L1-B.1.XIV, with practical examples for small businesses.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.I: Use Identity Management and MFA to Limit Information System Access to Authorized Entities
Practical guide to implementing identity management and multi-factor authentication (MFA) to meet FAR 52.204-21 and CMMC 2.0 Level 1 (AC.L1-B.1.I) requirements for limiting system access to authorized entities.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.XI: Implement Cloud and On-Prem Subnetworks for Public-Facing Services
Step-by-step checklist to isolate public-facing services into cloud and on-prem subnetworks to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 (SC.L1-B.1.XI), with actionable implementation guidance and small-business examples.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Create an Audit-Ready Media Sanitization Checklist
Practical step-by-step guidance to build an audit-ready media sanitization checklist that satisfies FAR 52.204-21 and CMMC 2.0 Level 1 requirements, with tools, examples, and verification practices for small businesses.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Build a Practical Media Sanitization SOP for Federal Contract Information (FCI) Disposal or Reuse
Step-by-step guidance, checklists, and templates to build a media sanitization SOP that meets FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.VII requirements for Federal Contract Information (FCI).
CMMC Level 1 ·Apr 2026
SC.L1-B.1.XI: Build a Compliant DMZ on AWS to Segregate Public Components from Internal Networks
Step-by-step guidance to design and operate a FAR 52.204-21 / CMMC 2.0 Level 1-compliant DMZ on AWS that isolates public-facing services from internal networks using VPC design, ALB/WAF, security groups, logging and automation.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Select and Verify Sanitization Methods (Overwrite, Degauss, Physical Destroy) for Federal Contract Information
Practical, step-by-step guidance for small businesses to select and verify overwrite, degauss, and physical destroy sanitization methods to comply with FAR 52.204-21 and CMMC 2.0 Level 1 (Code 550).
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Sanitize or Destroy Hard Drives and SSDs
Practical, step-by-step methods for sanitizing and destroying HDDs and SSDs to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 media protection requirements, including degaussing, overwrite, crypto-erase, and physical destruction.
CMMC Level 1 ·Apr 2026
IA.L1-B.1.V: Create an Implementation Checklist and Evidence Package
Step-by-step guidance to build an implementation checklist and evidence package for the FAR 52.204-21 / CMMC 2.0 Level 1 identification & authentication control (IA.L1-B.1.V) tailored for small businesses and FAR 52.204-21 / CMMC Level 1 mapping.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Choose the Right Sanitization Methods (Overwrite, Degauss, Physical Destruction) for FCI
Practical guidance to choose and implement overwrite, degauss, and physical destruction methods to sanitize Federal Contract Information (FCI) and meet FAR 52.204-21 and CMMC 2.0 Level 1 requirements.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.IX: Implementing Visitor Escort, Monitor Visitor Activity, and Maintain Audit Logs
Practical, step-by-step guidance for small businesses to implement visitor escort, monitor visitor activity, and maintain auditable logs to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 PE.L1-B.1.IX.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XV: Select and Deploy Scanning Tools (AV, EDR, CASB) for Compliance
Practical guidance for selecting and deploying antivirus (AV), endpoint detection and response (EDR), and CASB solutions to meet FAR 52.204-21 and CMMC 2.0 Level 1 requirements with clear implementation steps, evidence collection, and small-business examples.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Perform Secure Data Destruction for USBs, Hard Drives, and Mobile Devices
Practical, step-by-step guidance for securely sanitizing and destroying USBs, HDDs, SSDs, and mobile devices to meet FAR 52.204-21 and CMMC 2.0 Level 1 requirements, with tools, examples, and documentation tips for small businesses.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.III: Step-by-Step Guide to Verifying and Limiting External Information System Connections
Practical step-by-step guidance for small businesses to verify and limit external information system connections to meet FAR 52.204-21 and CMMC 2.0 Level 1 AC.L1-B.1.III requirements.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Implement a Step-by-Step Media Sanitization Process for FCI Disposal and Reuse
Practical, step-by-step guidance for small businesses to sanitize media containing Federal Contract Information (FCI) to meet FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.VII requirements.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.VIII: Prepare for an Audit: Demonstrating Compliance
Practical, step-by-step guidance for small businesses to demonstrate compliance with FAR 52.204-21 and CMMC 2.0 Level 1 (PE.L1-B.1.VIII) including required evidence, technical configurations, and audit best practices.
CMMC Level 1 ·Apr 2026
SC.L1-B.1.XI: Implement AWS VPC Subnets and Security Groups to Separate Public and Internal Networks
Step-by-step guidance to configure AWS VPC subnets, route tables, NAT/IGW, and security groups to separate public and internal networks and meet FAR 52.204-21 / CMMC 2.0 Level 1 (SC.L1-B.1.XI).
CMMC Level 1 ·Apr 2026
AC.L1-B.1.II: Configure AWS IAM and Groups to Limit Information System Access to Allowed Transactions and Functions (Practical Guide)
Practical, step-by-step guidance to implement FAR 52.204-21 / CMMC 2.0 AC.L1-B.1.II in AWS using IAM groups, roles, least privilege policies, permission boundaries, and monitoring to limit access to allowed transactions and functions.
CMMC Level 1 ·Apr 2026
PE.L1-B.1.IX: Small Business Implementation Guide: Achieve
A practical small-business guide to meeting FAR 52.204-21 and CMMC 2.0 Level 1 PE.L1-B.1.IX through visitor escort programs and access-device controls, including step-by-step procedures, low-cost technical controls, and real-world examples.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XV: Use a Quick Compliance Checklist to Deploy Real-Time File Scans on Downloads and Executions
Step-by-step checklist to deploy real-time file scans on downloads and executions to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 SI.L1-B.1.XV compliance for small businesses.
CMMC Level 1 ·Apr 2026
MP.L1-B.1.VII: Prepare for an Audit: Demonstrating Compliance
Practical, small‑business focused guidance to demonstrate compliance with FAR 52.204-21 and CMMC 2.0 Level 1 media protection control MP.L1-B.1.VII (Code 550) including evidence to collect, technical steps, and audit-ready artifacts.
CMMC Level 1 ·Apr 2026
SI.L1-B.1.XII: Use Free and Low-Cost Tools to Identify, Report, and Correct System Flaws
Practical, low-cost techniques and toolchain recommendations to help small contractors identify, document, report, and remediate system flaws to meet FAR 52.204-21 / CMMC 2.0 Level 1 SI.L1-B.1.XII.
CMMC Level 1 ·Apr 2026
IA.L1-B.1.V: Implement Lightweight Identity Controls for Small Contractors
Practical, low-cost steps for small contractors to implement lightweight identity and authentication controls (unique IDs, authentication, MFA, onboarding/offboarding) to meet FAR 52.204-21 and CMMC 2.0 Level 1 requirements.
CMMC Level 1 ·Apr 2026
AC.L1-B.1.III: Create a step-by-step network access checklist to verify and control/limit external system use
A practical, step-by-step guide to building a network access checklist that verifies and restricts use of external systems to meet FAR 52.204-21 and CMMC 2.0 Level 1 AC.L1-B.1.III (Code 546).
CMMC Level 1 ·Apr 2026
AC.L1-B.1.III: Build an Audit-Ready Checklist to Verify and Control/Limit Connections to and Use of External Information Systems
Step-by-step guidance for small businesses to create an audit-ready checklist that verifies and limits connections to external information systems to meet FAR 52.204-21 and CMMC 2.0 Level 1 requirements.
CMMC Level 1 ·Mar 2026
SC.L1-B.1.X: Step-by-Step Checklist to Protect Organizational Communications at External and Internal Boundaries
Practical, step-by-step checklist to secure communications at internal and external boundaries to meet FAR 52.204-21 and CMMC 2.0 Level 1 requirements for small organizations.
CMMC Level 1 ·Mar 2026
SI.L1-B.1.XV: Configure Endpoint AV/EDR for Real-Time Scans on Downloaded, Opened, or Executed Files
Step-by-step guidance to configure endpoint AV/EDR to perform real-time scans of downloaded, opened, and executed files to meet FAR 52.204-21 / CMMC 2.0 Level 1 SI.L1-B.1.XV requirements.
CMMC Level 1 ·Mar 2026
AC.L1-B.1.II: Build Role-Based Access Controls (RBAC) to Restrict Functions and Transactions
Practical guide to building role-based access control (RBAC) to meet FAR 52.204-21 and CMMC 2.0 Level 1 (AC.L1-B.1.II) requirements, with implementation steps, technical examples, and small-business scenarios.
CMMC Level 1 ·Mar 2026
IA.L1-B.1.VI: Build a Practical MFA and Identity Verification Plan
Step-by-step guidance for small businesses to implement MFA and identity verification to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 IA.L1-B.1.VI requirements, with technical configurations, examples, and evidence collection tips.
CMMC Level 1 ·Mar 2026
SI.L1-B.1.XIII: Build a Low-Cost Malicious Code Protection Strategy for Small Contractors
Practical, low-cost steps small government contractors can take to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 malicious code protection requirements while minimizing budget and operational overhead.
CMMC Level 1 ·Mar 2026
SI.L1-B.1.XV: Step-by-Step: Configure Endpoint and Server Scans (Periodic + Real-Time Downloads)
Practical step-by-step guidance to configure periodic scans and real-time signature/definition updates for endpoints and servers to meet FAR 52.204-21 / CMMC 2.0 Level 1 SI.L1-B.1.XV compliance.
CMMC Level 1 ·Mar 2026
MP.L1-B.1.VII: Sanitize Hard Drives and Removable Media Before Reuse
Practical, step-by-step guidance for small businesses to sanitize hard drives and removable media to meet FAR 52.204-21 and CMMC 2.0 Level 1 (MP.L1-B.1.VII), including tools, commands, verification and record templates.
CMMC Level 1 ·Mar 2026
IA.L1-B.1.V: Implement step-by-step identification of information system users, agents, and devices
Step-by-step guidance to identify and track users, agents, and devices to meet FAR 52.204-21 and CMMC 2.0 Level 1 IA.L1-B.1.V requirements, with practical implementation examples for small businesses.
CMMC Level 1 ·Mar 2026
MP.L1-B.1.VII: Choose Tools and Techniques to Sanitize or Destroy Hard Drives and Removable Media Containing FCI
Practical guidance for small businesses on selecting tools, methods, and processes to sanitize or destroy hard drives and removable media containing Federal Contract Information (FCI) to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.VII.
CMMC Level 1 ·Mar 2026
SI.L1-B.1.XII: (Code 555): Practical Steps to Detect, Report, and Correct Vulnerabilities Quickly
Step-by-step guidance for small businesses to implement rapid vulnerability detection, reporting, and remediation to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 SI.L1-B.1.XII (Code 555).
CMMC Level 1 ·Mar 2026
SI.L1-B.1.XII: Integrate Vulnerability Management Tools with Your Compliance Program
Practical steps to integrate vulnerability scanning and remediation tools into a FAR 52.204-21 / CMMC Level 1 to meet SI.L1-B.1.XII (FAR 52.204-21 / CMMC 2.0 Level 1) requirements, including real-world small-business examples and technical configuration tips.
CMMC Level 1 ·Mar 2026
AC.L1-B.1.III: Implement a lightweight verification and control workflow for small businesses
A practical, step-by-step guide for small businesses to implement a low-cost verification and access-control workflow that meets FAR 52.204-21 and CMMC 2.0 Level 1 AC.L1-B.1.III requirements.
CMMC Level 1 ·Mar 2026
AC.L1-B.1.II: Harden Cloud IAM (AWS/Azure/GCP) to Limit Access to Authorized Transactions and Functions
Practical guidance for small businesses to harden AWS, Azure, and GCP IAM so only authorized transactions and functions are permitted to satisfy FAR 52.204-21 and CMMC 2.0 Level 1 (AC.L1-B.1.II).
CMMC Level 1 ·Mar 2026
AC.L1-B.1.II: Configure Role-Based Access Controls (RBAC) to Enforce Transaction and Function Limits
Step-by-step guidance for small businesses to implement RBAC that enforces transaction and function limits to meet FAR 52.204-21 and CMMC 2.0 Level 1 AC.L1-B.1.II requirements.
CMMC Level 1 ·Mar 2026
SC.L1-B.1.XI: From Design to Deployment: Implementing Segregated Subnetworks in AWS/Azure
Practical guide to designing and deploying segregated subnetworks in AWS and Azure to meet FAR 52.204-21 and CMMC 2.0 Level 1 network segmentation requirements, with step-by-step examples for small businesses.
CMMC Level 1 ·Mar 2026
PE.L1-B.1.IX: Checklist: Configuring Visitor Badges, Escorting, Monitoring and Audit Logs to Achieve
Step-by-step checklist and technical guidance to configure visitor badges, escorting, monitoring, and audit logging to meet FAR 52.204-21 and CMMC 2.0 Level 1 PE.L1-B.1.IX requirements.
CMMC Level 1 ·Mar 2026
MP.L1-B.1.VII: Step-by-Step Checklist: Sanitizing or Destroying Reusable Media Before Disposal
Practical, step-by-step guidance for sanitizing or destroying reusable media to meet FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.VII requirements, with small-business examples and verification best practices.
CMMC Level 1 ·Mar 2026
MP.L1-B.1.VII: Prepare for a CMMC Assessment: Demonstrating Compliance
Practical step-by-step guidance for small businesses to meet FAR 52.204-21 / CMMC 2.0 Level 1 MP.L1-B.1.VII requirements for secure media disposal, including technical sanitization methods, evidence for assessors, and real-world examples.
CMMC Level 1 ·Mar 2026
AC.L1-B.1.II: Implement RBAC step-by-step to limit transactions and functions
Step-by-step guide to implement role-based access control (RBAC) to limit transactions and functions for FAR 52.204-21 and CMMC 2.0 Level 1 (AC.L1-B.1.II) compliance, with practical steps, examples, and technical snippets for small businesses.
CMMC Level 1 ·Mar 2026
AC.L1-B.1.II: Configure RBAC in Active Directory to Limit System Transactions
Practical, step-by-step guidance to implement Role-Based Access Control (RBAC) in Active Directory to limit system transactions and meet FAR 52.204-21 / CMMC 2.0 Level 1 AC.L1-B.1.II requirements for small businesses.
CMMC Level 1 ·Mar 2026
PE.L1-B.1.IX: Build a Compliant Visitor Escort and Audit Log Program
Step-by-step guidance for small businesses to implement a visitor escort and audit logging program that meets FAR 52.204-21 and CMMC 2.0 Level 1 PE.L1-B.1.IX requirements, with practical checklists and technical details.
CMMC Level 1 ·Mar 2026
SC.L1-B.1.X: How Small IT Teams Can Implement : Stepwise Implementation
Practical, step-by-step guidance for small IT teams to implement SC.L1-B.1.X — the system and communications protection requirements mapped to FAR 52.204-21 and CMMC 2.0 Level 1 — including concrete technical steps, examples, and compliance tips.
CMMC Level 1 ·Mar 2026
SC.L1-B.1.X: Create Policies and Procedures to Control Organizational Communications at Boundaries
Practical template and step-by-step guidance to create policies and procedures that control organizational communications at network and information boundaries to meet FAR 52.204-21 and CMMC 2.0 Level 1 requirements.
CMMC Level 1 ·Mar 2026
IA.L1-B.1.VI: Configure Azure AD Conditional Access
Step-by-step guidance to use Azure AD Conditional Access to enforce authentication controls required by FAR 52.204-21 and CMMC 2.0 Level 1 (IA.L1-B.1.VI), including practical settings, testing tips, and small-business examples.
CMMC Level 1 ·Mar 2026
SC.L1-B.1.XI: Build a Compliant Cloud DMZ in AWS and Azure with Security Groups and NACLs
Step-by-step guidance to design and implement a compliant cloud DMZ in AWS and Azure using Security Groups, NACLs/NSGs, logging, and segmentation to meet FAR 52.204-21 and CMMC 2.0 Level 1 boundary protection requirements.
CMMC Level 1 ·Mar 2026
MP.L1-B.1.VII: Step-by-Step Guide to Sanitizing vs Destroying Storage Devices
Clear, practical steps for small businesses to sanitize or destroy storage devices to meet FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.VII requirements while minimizing risk and documenting compliance.
CMMC Level 1 ·Mar 2026
PE.L1-B.1.VIII: Evidence, Templates, and Implementation Steps to Demonstrate Limited Physical Access
Practical, step-by-step guidance for small businesses to demonstrate limited physical access under FAR 52.204-21 / CMMC 2.0 L1 (PE.L1-B.1.VIII) with evidence, templates, and audit-ready artifacts.
CMMC Level 1 ·Mar 2026
PE.L1-B.1.VIII: Implement a Practical Access Control Checklist for Small Contractors to Meet Requirements
A concise, practical guide for small contractors to implement an access control checklist that satisfies PE.L1-B.1.VIII mapping to FAR 52.204-21 and CMMC 2.0 Level 1 requirements.
CMMC Level 1 ·Mar 2026
PE.L1-B.1.IX: Deploy a cost-effective visitor management system
Step-by-step guidance to implement a low-cost visitor management system that satisfies FAR 52.204-21 and CMMC 2.0 Level 1 PE.L1-B.1.IX requirements — tools, hardware, integrations, and practical tips for small businesses.
CMMC Level 1 ·Mar 2026
IA.L1-B.1.VI: Create a Compliance Checklist for Authenticating Users, Processes, and Devices
Step-by-step guidance to build an auditable checklist that ensures users, processes, and devices are authenticated per FAR 52.204-21 and CMMC 2.0 Level 1 IA.L1-B.1.VI, including technical controls and small-business examples.
CMMC Level 1 ·Mar 2026
MP.L1-B.1.VII: Checklist for Sanitizing or Destroying Media Containing FCI
Practical, step-by-step checklist and implementation guidance to sanitize or destroy media containing Federal Contract Information (FCI) in order to meet FAR 52.204-21 and CMMC 2.0 Level 1 MP.L1-B.1.VII requirements.