CMMC Level 1 Gap Assessment Grant
Know exactly where your organization stands against all 17 CMMC Level 1 practices, the baseline every DoD contractor that handles Federal Contract Information (FCI) must meet under FAR 52.204-21.
Apply for the Level 1 GrantWhat the grant covers
A focused readiness check for small DoD suppliers whose obligation tops out at Level 1. We show you where you stand so you can complete the annual self assessment and affirmation with confidence.
Included
- Full evaluation of all 17 CMMC Level 1 practices
- Technical infrastructure review of how you handle FCI
- Policy and procedure assessment
- Operational practices evaluation
- Gap identification across all 6 Level 1 control families
- Prioritized list of compliance gaps by severity
- A clear picture of your self assessment readiness
Not included
- Detailed written assessment report
- Remediation roadmap
- Plan of Action and Milestones (POA&M)
- SPRS submission and affirmation support
Who this is for
CMMC Level 1 is the floor for doing business with the Department of Defense. If you handle Federal Contract Information but not Controlled Unclassified Information, this is your tier.
How it works
From application to findings in a few simple steps.
Apply Online
Complete a short application. Reviewed within 5 to 7 business days.
Grant Approval
Qualified applicants are matched with a certified assessor.
Level 1 Assessment
Your environment is evaluated against all 17 Level 1 practices.
Results and Next Steps
Receive gap identification with prioritized findings.
Level 1 or Level 2?
Your CMMC level is set by the data you handle. Most small suppliers are Level 1.
| CMMC Level 1 | CMMC Level 2 | |
|---|---|---|
| Data type | Federal Contract Information (FCI) | Controlled Unclassified Information (CUI) |
| Requirements | 17 practices (FAR 52.204-21) | 110 controls (NIST SP 800-171) |
| Assessment | Annual self assessment plus affirmation | Self or C3PAO third-party assessment |
| This grant | Level 1 Gap Assessment | See the Level 2 Gap Assessment Grant |
Frequently asked questions
Common questions about the CMMC Level 1 Gap Assessment Grant.
What is a CMMC Level 1 Gap Assessment?
It is a structured review of your environment against the 17 practices that make up CMMC Level 1. It shows you which practices you already meet and which ones you do not, so you can prepare for your annual self assessment.
Who needs CMMC Level 1?
Almost every company in the DoD supply chain. If you generate or handle Federal Contract Information under a government contract, and you are not selling purely commercial off the shelf products, you must meet at least Level 1.
What is the difference between Level 1 and Level 2?
Level 1 protects Federal Contract Information with 17 practices and an annual self assessment. Level 2 protects Controlled Unclassified Information with 110 NIST SP 800-171 controls. If you do not handle CUI, Level 1 is your requirement.
Why are the detailed report and remediation roadmap not included?
This grant funds the assessment itself so you can see your gaps clearly. The written report, remediation roadmap, and hands-on support are available as paid services if you want help closing the gaps.
How long does the assessment take?
Most Level 1 assessments are completed quickly because the scope is focused on 17 practices. Your assessor will confirm timing after approval.
Is there a deadline?
The CMMC requirement is phasing into DoD contracts. The sooner you know where you stand, the sooner you can stay eligible to bid. Apply early so you are ready when a contract requires it.
Apply for the CMMC Level 1 Gap Assessment Grant
Find out exactly where you stand against CMMC Level 1, fully funded for qualifying organizations.
Apply for CMMC Level 1 Gap Assessment