CMMC GLOSSARY // FCI

What is FCI?

FCI stands for Federal Contract Information. FCI is information provided by or generated for the government under a contract that is not intended for public release — the trigger for CMMC Level 1.

Federal Contract Information (FCI) is non-public information created or received while performing a federal contract. Handling FCI (but not CUI) generally puts a contractor at CMMC Level 1.

Level 1 covers 17 basic safeguarding practices from FAR 52.204-21 and is met with an annual self-assessment and senior-official affirmation — no third-party assessor required.

The line between FCI and CUI matters: assuming you are FCI-only when you actually handle CUI is one of the most common and costly scoping mistakes contractors make.

FROM TERMS TO READINESS

See where you actually stand on the 110 controls.

PolicyCortex maps your live cloud against every NIST 800-171 control and generates C3PAO-ready evidence. Start with the free assessment.

SYS: ONLINE
FOCUSCMMC L2 / L3
BUILD0aed52
CMMC DEADLINET-d
©2026 POLICYCORTEX, INC.