Evaluates code-level controls aligned with CMMC Level 1 (FAR 52.204-21) — access control, identification and authentication, system protection, communications security, and information integrity for projects handling Federal Contract Information (FCI).
This audit covers 17 of 17 CMMC Level 1 practices. Four Physical Protection practices (PE.L1-3.10.1 through PE.L1-3.10.5) are included but automatically skipped — they require physical facility inspection and cannot be verified through code analysis. A passing score on this audit means your codebase meets the code-inspectable CMMC L1 requirements, but full certification also requires physical security controls assessed separately.
21
Total Checks
3
Delivery Formats
4
Categories
1
Versions
Initial release — 21 checks across 6 CMMC Level 1 domains
2026-03-15
Copy the prompt in your preferred format above.
Paste into your AI coding tool (Claude Code, Cursor, Bolt, etc.).
Let the AI run all checks. Review the structured JSON output it produces.
Submit the JSON telemetry block to AuditBuffet for scoring and benchmarks.
Paste your JSON telemetry to get scores and benchmarks.
Submit Results