Question 4 - Cyber AB CMMC-CCP Real Exam Questions [March 2026 Update]

Q: 4

Which code or clause requires that a contractor is meeting the basic safeguarding requirements for FCI during a Level 1 Self-Assessment?

Options

Correct Answer:

Explanation

CMMC Level 1 (Foundational) is focused on the protection of Federal Contract Information (FCI). The 15 security practices required for a Level 1 Self-Assessment are taken directly from the basic safeguarding requirements stipulated in Federal Acquisition Regulation (FAR) clause 52.204-21, "Basic Safeguarding of Covered Contractor Information Systems." This FAR clause is the foundational contractual requirement for all federal contractors to protect FCI on their nonfederal information systems. Therefore, it is the specific clause that requires a contractor to meet these basic safeguarding requirements.

Why Incorrect

B. 22CFR 120-130: This citation refers to the International Traffic in Arms Regulations (ITAR), which governs the export of defense articles and services, not the general safeguarding of FCI.

C. DFARS 252.204-7011: This Defense Federal Acquisition Regulation Supplement (DFARS) clause, "Alternative Line Item Structure," pertains to how contract line items are organized and is unrelated to cybersecurity.

D. DFARS 252.204-7021: This DFARS clause, "Cybersecurity Maturity Model Certification Requirement," is the mechanism that enforces CMMC assessments within DoD contracts but does not originate the FCI safeguarding requirements themselves.

References

1. U.S. Department of Defense (DoD). (2021). Cybersecurity Maturity Model Certification (CMMC) Model Version 2.0. Page 4

"CMMC Level 1

Foundational

" states

"CMMC Level 1 is equivalent to all of the safeguarding requirements specified in Federal Acquisition Regulation (FAR) clause 52.204-21."

2. General Services Administration

DoD

NASA. (2016). Federal Acquisition Regulation; Basic Safeguarding of Covered Contractor Information Systems. 48 C.F.R. § 52.204-21. This document is the primary source text for the 15 basic safeguarding requirements for FCI.

3. Johns Hopkins University Applied Physics Laboratory & DoD. (2023). CMMC Assessment Process (CAP) for CMMC Level 1 Version 2.1. Page 1

Section 1.1

"The CMMC Level 1 assessment scope is focused on FCI assets

which are information systems

system components

or assets that process

store

or transmit FCI. The CMMC Level 1 requirements are from FAR 52.204-21."

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE