CUI Guidance – Scoping CUI is Your First Step in CMMC
To have confidence in your NIST 800-171 self-assessment and SPRS submission requires a thorough understanding of the CUI you handle and its scope within your business organization (your CUI footprint). Our CUI Guidance consulting service is designed to ensure your best first step to CMMC compliance.
We help you:
- Identify Federal Controlled Information (FCI) and Controlled Unclassified Information (CUI) that touch your people, processes, and technology.
- Review your strategy for NIST 800-171 / CMMC compliance.
- Evaluate and improve your existing System Security Plan (SSP) and Plan of Actions and Milestone (POAM)
- Assess and improve your policies, procedures, and practices
- Minimize your CUI footprint which equals less compliance effort and lower cost.
NIST 800-171 and CMMC Compliance do not need to be a company-wide undertaking. In fact, DFARS requirements only apply where Controlled Unclassified Information (CUI) touches your people, processes, and technology. KLC Consulting’s CUI Guidance consulting is the first step toward becoming CMMC Compliant. Our approach minimizes your CUI footprint which equals less compliance effort and a lower cost.
“The most critical factor in CMMC Level 2 compliance is discerning the CUI you handle, segregating it, and minimizing its footprint within your business organization.”– Kyle Lai,
CISSP, CISA, and President of KLC Consulting, Inc.
Call for an Introductory No-Cost Consultation: 617.314.9721 x158
CUI Guidance – How We Work Together
- We conduct Zoom calls to analyze how your business operates.
- Discern the CUI information you handle.
- Use our proprietary “CUI Data Lifecycle” methodology to scope your CUI boundary, minimize its footprint, and reduce your CMMC compliance cost.
1 Input & Creation of CUI
Review and document how it’s received and created.
2 Storage of CUI
Evaluate, inspect, and document processes and mechanisms.
3 Use of CUI
Examine who, what, where, why, and how of usage.
4 Share of CUI
How shared with prime contractors, subcontractors and the DoD.
5 Archive of CUI
Analyze methods and processes of archival and encryption.
6 Disposal of CUI
Evaluate contract requirements with practices and processes.
CUI Guidance Consulting Package
Our CUI Guidance provides the best foundation for your CMMC compliance program.
We utilize the CMMC 2.0 Assessment Guide and provide you with
- Your CUI boundary diagram
- Identification of “In Scope” assets such as CUI Assets, Security Protection Assets, Risk Managed Assets and Specialized Assets
- Recommendations to minimize your CUI footprint
Prices start at $7,900 and vary by your in-scope factors, including the numbers of:
- Physical locations and cage codes
- Employees and citizenship
- Systems, devices, and applications
Now you’re ready for an accurate self-assessment
The Next Steps are SPRS Submission and POAM Remediation
Do You Sell Commercial Off The Shelf (COTS)?
If so, NIST 800-171 and CMMC Level 2 don’t apply. If you believe that’s what you sell to the DoD is COTS, we can help you prove it.
“a video guide for defense contractors”
Lower Your CMMC Compliance Cost With Our CUI Guidance!
We meet you where you’re at and bring you to ‘CMMC Assessment Ready’
with as much or as little help as you need
"*" indicates required fields