Targeted workshop for contractors handling Federal Contract Information (FCI) only. Walks through the 17 FAR 52.204-21 practices that constitute CMMC Level 1, the annual self-assessment requirement, SPRS posting, and the affirmation process. Most concise path to CMMC compliance for non-CDI contractors.
This focused, four-hour workshop gives defense and federal contractors handling Federal Contract Information (FCI) a direct, structured path through every requirement that constitutes CMMC Level 1. Instructor Carl B. Johnson, President & CISO of Cleared Systems, leads participants through the full compliance picture—no filler, no tangents—so your team leaves with the knowledge and documentation needed to complete and post a credible self-assessment.
The session opens with a practice-by-practice walkthrough of all 17 basic safeguarding requirements defined in FAR 52.204-21. For each practice, instruction covers what the requirement actually means in an operational environment, common implementation gaps found during assessments, and the evidence your organization needs to demonstrate compliance. Topics include access control, identification and authentication, media protection, configuration management, and incident response at the Level 1 scope.
CMMC Level 1 requires contractors to perform and document a self-assessment on an annual basis. This block of the workshop explains how to scope the assessment correctly against your FCI boundary, how to evaluate each of the 17 practices against your current environment, and how to produce an assessment that will withstand scrutiny from a Contracting Officer or DCSA review. Participants work through the assessment methodology step by step, applying it to realistic contractor scenarios.
Once the assessment is complete, results must be translated into a numerical score and entered into the Supplier Performance Risk System (SPRS). The workshop covers how the scoring methodology works for Level 1, how to accurately calculate your organization's score based on practice implementation status, and the mechanics of posting to SPRS—including what the record must contain and who in your organization holds posting authority.
Beyond the score itself, CMMC Level 1 includes a formal affirmation process in which a senior company official attests to the accuracy of the self-assessment. Instruction covers who must affirm, what that official is attesting to, the legal weight of the affirmation under the False Claims Act exposure framework, and how to structure your internal process so the affirming official has a defensible basis for signing.
This workshop is built for the people inside a defense or federal contracting organization who are directly responsible for compliance—and for the managers who need those people ready to perform. The right attendee is likely already aware that their contracts involve FCI, suspects their current documentation would not survive a review, and needs a structured, expert-led process to close that gap efficiently.
If your team holds active contracts containing FAR 52.204-21 and has not yet completed a documented, SPRS-posted self-assessment, this workshop is the most direct investment you can make to close that liability. Four hours of structured instruction—rather than weeks of unguided research—gets your practitioner to a defensible compliance posture with a clear audit trail. For organizations that may eventually move toward handling CUI, this workshop also builds the foundational fluency needed before engaging with CMMC, CUI & DFARS Compliance services at higher levels.
Cleared Systems works with contractors at every stage of the compliance lifecycle. Teams that complete this workshop and identify gaps requiring hands-on remediation support can explore Compliance Program Development engagements designed to carry that work forward. Whether your organization is preparing for its first SPRS posting or standardizing an assessment process across multiple business units, this session gives you the foundation to do it right.
Ask about group rates, private delivery of this curriculum for your team, or whether this session fits your compliance roadmap.
Contact Us
