KLC Consulting is a CMMC 2.0 consultant. We provide flexible CMMC 2.0 consulting services to bring you to full compliance.

CMMC 2.0 and
NIST 800-171 Compliance

KLC Consulting is an Authorized C3PAO Company and CMMC consultant.

CMMC 2.0 and
NIST 800-171 Compliance

KLC Consulting is an Authorized C3PAO Company and CMMC consultant.

CMMC Consulting Services

Gap Analysis

Let’s determine where you’re at. We’ll identify your compliance gaps, assess your actual SPRS score, and provide you with a roadmap for remediation.

CMMC Compliance Consulting

For large and small companies. Let’s create your CMMC compliance program, remediate your deficiency gaps, and prepare you for assessment.

COTS Exemptions

Do you sell commercially off-the-shelf products to DoD or Prime customers? If so, CMMC doesn’t apply. We help you avoid unnecessary CMMC costs.

C3PAO Assessment Services

Readiness Assessment

Are you ready? Be sure! Don’t waste time and money on a failed assessment. Let’s do a mock C3PAO assessment to verify that you’re ready.

CMMC-JSVA Assessment

Reap the benefits of this new transitional CMMC assessment! Earn a letter of recognition from the DoD and status acknowledgment in the SPRS.

CMMC Level 2 Assessment

CMMC rulemaking nears completion and certification requirements are imminent. KLC is an authorized C3PAO that certifies companies in CMMC.

Our Experts

Our CMMC experts have a thorough understanding of DoD cybersecurity requirements and a proven track record of helping organizations achieve compliance. We hold advanced industry certifications, including Certified CMMC Professional (CCP), Provisional Assessor (PA), and Instructor (PI).

We are committed to working collaboratively to understand your specific needs and develop your most cost-efficient plan to achieve CMMC compliance.

Kyle Lai
President and CISO
Paul Casassa
Vice President
Layla Remmert: Director of Cybersecurity Services for KLC Consulting, a C3PAO Company
Layla Remmert
Director of Services
Eric Lunsford
Senior Security Engineer

The Top Questions People Ask Us about CMMC and DFARS

Below are some of the most frequently asked questions we get regarding CMMC and NIST 800-171 compliance services.
If you have any other questions please contact us.

What are my requirements – today?

If you contract business with the U.S. Department of Defense as either a prime or tiered subcontractor, and you handle “Covered Defense Information” (CDI) or “Controlled Unclassified Information” (CUI), DFARS 252.204-7012 requires you to protect it by implementing the NIST 800-171 cybersecurity standard. 

You must also implement a Cyber–Incident Response plan to manage and report malicious cybersecurity events to the DoD when they occur.

You must also perform a self-assessment to determine where you’re at with implementing these requirements and report your status to the DoD’s SPRS website (DFARS 252.204-7019 & -7020)

+

Is there a penalty or fine for non-compliance?  

It’s fair to say that the recent DoD directive (DFARS 252.204-7024) that requires Contracting Officers to evaluate SPRS submittals (or lack thereof) arose because of the inadequate response to meet requirements. 

So, you risk losing your DoD contract work opportunities.  (The DoD’s Memo on June 16, 2022) states that failure to have or to make progress on a plan to implement NIST 800-171 requirements may be considered a material breach of contract requirements. 

DoD penalties & fines include: 

  • Withhold progress payments,
  • Forego remaining contract options, and 
  • Contract termination in part or in whole.

False Claim Act (FCA) Prosecution:

If you falsely state you comply with DFARS 7012, the Department of Justice (DoJ) could charge you under the FCA. The most egregious non-compliance penalties include litigation and financial penalties that exceed $2 billion in fiscal year 2022.

+

How can I know where I stand?

If you’re just starting with NIST 800-171 and CMMC, contract a Gap Analysis with a reputable, authorized C3PAO Company. You’ll know with certainty where you’re at and what you need to do to become compliant.  Don’t waste time filling out a prefabbed NIST 800-171 template. It won’t fit your business, and you’ll go astray.

Many Defense Industrial Base companies have implemented cybersecurity protections but haven’t developed the depth and documentation required to pass an independent CMMC assessment.  Our CMMC Gap Analysis service identifies your deficiencies in the 320 assessment objectives of NIST 800-171’s practices. We provide recommendations and offer additional assistance with the best and most cost-effective way to achieve full compliance.

If you’re close to full compliance, consider a mock assessment or a Joint Surveillance Voluntary Assessment to elevate your status as a trusted business partner in the eyes of the DoD and prime customers.

+

How much will it cost me?

Your cost to create and implement a CMMC compliance program depends on size and complexity.  Factors include:

  • Industry Type
  • Company size
  • Number of CAGE Codes
  • CMMC Level Requirement
  • IT Environment:  Cloud, on-Prem, hybrid
  •  Number of employees that need to handle defense information
  • Current state of compliance

If you’re unsure that you have enough DoD contract opportunities to justify investing in a CMMC compliance program, we can help you develop a cost-benefit analysis.Are you looking for help with NIST 800-171 and CMMC compliance? Let’s talk. We provide no-cost initial consultations.

+

Have a Different Question?

This field is for validation purposes and should be left unchanged.

Get Your Free Consultation

Not sure where to start with your CMMC compliance program? You’re not alone! Whether you need CMMC consulting or assessment services, we are here to help. Let’s get the conversation started with a complimentary question and answer session.

Check out our YouTube channel and LinkedIn pages for the latest informational and educational resources for Cybersecurity Maturity Model Certification.

Scroll to Top