Subcontractor Risk Check
Free · 3 Minutes · No Login Required

Will Your CMMC Self-Assessment Hold Up
When Your Prime
Asks For Proof?

CMMC Level 1 has 15 practices your business must meet — and your prime contractor is required to verify them. 10 questions show you exactly where you stand and what could cost you the contract.

10 Questions
3 min To complete
15 Required practices
🎁 Bonus: Get our 5 Quick Habits Cheat Sheet at the end — a one-page reference to print and post in your office to stay compliant year-round.
Shared logins
No SSP on file
Outdated antivirus
Unsecured devices
Expired SPRS score
Question 1 of 10
Who Can Use Your Systems
Where You Stand
Get compliant — without hiring an IT consultant.

PCC Self-Service Compliance gives small subs everything you need to pass CMMC Level 1: a guided self-assessment, plain-English documentation, an auto-generated System Security Plan, and SPRS submission guidance — built for trade subs in Hawaii, Guam, and CNMI.

First — check with your prime. If your prime contractor already runs a PCC compliance program, your access is included at no cost. Ask them before reaching out.
Plain-English self-assessment
Auto-generated SSP
SPRS submission guidance
Pacific-region support
Or email us directly: matt@pacificcybercompliance.com  ·  pacificcybercompliance.com
Free Reference · Print & Post
5 Quick Habits — CMMC Level 1
at a Glance
Five habits cover all 15 CMMC Level 1 requirements. Print this and post it where your team works — then get the full compliance package to document what you've done.
📋 Habit 1
The Master List
Know who and what belongs on your systems
  • Every employee has their own unique login — no shared accounts
  • Every company device is listed by serial number
  • Update the list the same day someone joins or leaves
  • Only company-owned devices connect to work systems
🔒 Habit 2
The Secure Network
Control what comes in and out of your internet
  • Router security features turned on
  • Separate internet connections for staff and guests
  • Built-in computer protection active on all devices
  • No open or unprotected internet connections
👤 Habit 3
One Person, One Login
Verify who accesses your systems every time
  • Strong, unique password for every employee
  • Two-step login on all online accounts
  • Computer locks automatically when left idle
  • Default router passwords changed immediately
⚙️ Habit 4
The Weekly Routine
Keep every device safe, current, and protected
  • Automatic updates turned on for all devices
  • Weekly scheduled security scan on all computers
  • Router checked monthly for software updates
  • Maintenance log kept to show the routine is followed
🏢 Habit 5
Lock, Log, Wipe
Protect the physical space and dispose safely
  • Work areas locked when unoccupied
  • Visitor sign-in sheet for every non-employee visit
  • Network equipment secured in a locked location
  • Devices wiped or destroyed before disposal
🔐
The full 15-requirement breakdown is inside your compliance package.
These five habits are the framework. The paid workbook maps every habit to the specific DoD requirements, walks you through building your System Security Plan, and produces the SPRS score your prime contractor needs to see on file.
Get the full package at pacificcybercompliance.com →