CPCSC Level 1 Mandatory at Contract Award — April 2026

Are You Ready for CPCSC Level 1?

Answer 13 questions. Get your gap analysis in under 5 minutes. No sign-up required.

Time until CPCSC Level 1 deadline
0
Days
0
Hours
0
Minutes
0
Seconds

CPCSC Level 1 Assessment

13 controls. Your current readiness state.

Question 1 of 13
Access Control — AC-03.01.01

Do you maintain a list of authorized users and define what systems/data each user can access?

Question 2 of 13
Access Control — AC-03.01.02

Do you enforce restrictions on transactions and functions that authorized users are permitted to execute?

Question 3 of 13
Access Control — AC-03.01.20

Do you restrict connections to external systems and networks to only those that are authorized?

Question 4 of 13
Access Control — AC-03.01.22

Do you control information posted or processed on publicly accessible systems?

Question 5 of 13
Identification & Authentication — IA-03.05.01

Do you identify and authenticate all users before granting system access?

Question 6 of 13
Identification & Authentication — IA-03.05.02

Do you authenticate devices before establishing connections to organizational systems?

Question 7 of 13
Identification & Authentication — IA-03.05.03

Do you use multi-factor authentication (MFA) for access to privileged and non-privileged accounts?

Question 8 of 13
Media Protection — MP-03.08.03

Do you sanitize or destroy media (hard drives, USBs, etc.) before disposal, release, or reuse?

Question 9 of 13
Physical Protection — PE-03.10.01

Do you limit physical access to systems, equipment, and operating environments to authorized individuals?

Question 10 of 13
Physical Protection — PE-03.10.07

Do you protect and monitor the physical facility and support infrastructure?

Question 11 of 13
System & Communications Protection — SC-03.13.01

Do you monitor, control, and protect communications at the external boundary and key internal boundaries of your systems?

Question 12 of 13
System & Information Integrity — SI-03.14.01

Do you identify, report, and correct system flaws (vulnerabilities) in a timely manner?

Question 13 of 13
System & Information Integrity — SI-03.14.02

Do you protect systems from malicious code (malware) at designated locations?

Your CPCSC Level 1 Readiness Assessment

0%

Controls Satisfied

Assessment complete.

Review your control status below.

Control Status by Family

Access Control (AC)

AC-03.01.01

Authorized user list & access definition

Not assessed
AC-03.01.02

Transaction & function restrictions

Not assessed
AC-03.01.20

External system connection restrictions

Not assessed
AC-03.01.22

Public system information control

Not assessed

Identification & Authentication (IA)

IA-03.05.01

User identification & authentication

Not assessed
IA-03.05.02

Device authentication

Not assessed
IA-03.05.03

Multi-factor authentication (MFA)

Not assessed

Media Protection (MP)

MP-03.08.03

Media sanitization & destruction

Not assessed

Physical Protection (PE)

PE-03.10.01

Physical access limitation

Not assessed
PE-03.10.07

Physical facility protection & monitoring

Not assessed

System & Communications Protection (SC)

SC-03.13.01

Boundary monitoring & protection

Not assessed

System & Information Integrity (SI)

SI-03.14.01

Flaw identification & remediation

Not assessed
SI-03.14.02

Malware protection

Not assessed

Built by a team that understands CPCSC from the inside

🔐

Cryptographically Verified

All evidence is hashed, signed with AWS KMS (ECDSA-SHA256), and verified via Merkle chains.

📋

Maps 97 ITSP.10.171 Controls

From Level 1 (13 controls) through Level 2 (97 controls) and beyond.

⛓️

Tamper-Evident Merkle Tree

Daily attestations create an immutable ledger that regulators can verify instantly.

Patent Pending Technology

Proprietary Receipt Engine transforms compliance requirements into audit-ready evidence.