DoD CUI Guidance – Scoping CUI is Your First Step in CMMC

Our DoD CUI Guidance consulting service is designed to be your best first step to CMMC compliance. To have confidence in your NIST 800-171 self-assessment and SPRS submission requires a thorough understanding of the CUI you handle and its accurate scope within your business organization (your CUI footprint). And inaccurate CUI scope is the most common mistake we see companies make.

We help you:

  • Identify Federal Controlled Information (FCI) and Controlled Unclassified Information (CUI) that touch your people, processes, and technology. 
  • Review your strategy for NIST 800-171 / CMMC compliance.
  • Evaluate and improve your existing System Security Plan (SSP) and Plan of Actions and Milestone (POAM)
  • Assess and improve your policies, procedures, and practices
  • Minimize your CUI footprint which equals less compliance effort and lower cost.

NIST 800-171 and CMMC Compliance do not need to be a company-wide undertaking. In fact, DFARS requirements only apply where Controlled Unclassified Information (CUI) touches your people, processes, and technology. KLC Consulting’s CUI Guidance consulting is the first step toward becoming CMMC Compliant. Our approach to CUI Guidance minimizes your CUI footprint which equals less compliance effort and a lower cost.

“The most critical factor in CMMC Level 2 compliance is discerning the CUI you handle, segregating it, and minimizing its footprint within your business organization.”

– Kyle Lai, Certified CMMC Professional, and
President of KLC Consulting, Inc.
Determine Your CUI Boundary – A Guide for Defense Contractors: NIST 800-171 and CMMC

Call for an Introductory No-Cost Consultation: 617.314.9721  x158

CUI Guidance – How We Work Together

KLC provides CUI Guidance consulting. Understand your CUI, minimize it's footprint within your company, and save money
  • We conduct Zoom calls to analyze how your business operates.
  • Discern the CUI information you handle.
  • Use our proprietary “CUI Data Lifecycle” methodology to scope your CUI boundary, minimize its footprint, and reduce your CMMC compliance cost.

1 Input & Creation of CUI

Review and document how it’s received and created.

2 Storage of CUI

Evaluate, inspect, and document processes and mechanisms.

3 Use of CUI

Examine who, what, where, why, and how of usage.

4 Share of CUI

How shared with prime contractors, subcontractors and the DoD.

5 Archive of CUI

Analyze methods and processes of archival and encryption.

6 Disposal of CUI

Evaluate contract requirements with practices and processes.

DoD CUI Guidance Consulting Package


Our CUI Guidance provides the best foundation for your CMMC compliance program.

We utilize the CMMC 2.0 Assessment Guide and provide you with

  • Your CUI boundary diagram
  • Identification of “In Scope” assets such as CUI Assets, Security Protection Assets, Risk Managed Assets and Specialized Assets
  • Recommendations to minimize your CUI footprint

Prices start at $11,900 and vary by your in-scope factors, including the numbers of:

  • Physical locations and cage codes
  • Employees and citizenship
  • Systems, devices, and applications

Now you’re ready for an accurate self-assessment

The next steps are SPRS Submission and POAM Remediation

Do You Sell Commercial Off The Shelf (COTS)?

If so, NIST 800-171 and CMMC Level 2 don’t apply. If you believe that’s what you sell to the DoD is COTS, we can help you prove it.

Check out our YouTube channel and LinkedIn pages for the latest informational and educational resources for Cybersecurity Maturity Model Certification.

KLC provides CUI Guidance consulting. Understand your CUI, minimize it's footprint within your company, and save money

Check out our CUI definition and boundary video…

“a video guide for defense contractors”

Scroll to Top