CUI Guidance Service
DoD CUI Guidance – Scoping CUI is Your First Step in CMMC
Our DoD CUI Guidance consulting service is designed to be your best first step to CMMC compliance. To have confidence in your NIST 800-171 self-assessment and SPRS submission requires a thorough understanding of the CUI you handle and its accurate scope within your business organization (your CUI footprint). And inaccurate CUI scope is the most common mistake we see companies make.
We help you:
- Identify Federal Controlled Information (FCI) and Controlled Unclassified Information (CUI) that touch your people, processes, and technology.
- Review your strategy for NIST 800-171 / CMMC compliance.
- Evaluate and improve your existing System Security Plan (SSP) and Plan of Actions and Milestone (POAM)
- Assess and improve your policies, procedures, and practices
- Minimize your CUI footprint which equals less compliance effort and lower cost.
NIST 800-171 and CMMC Compliance do not need to be a company-wide undertaking. In fact, DFARS requirements only apply where Controlled Unclassified Information (CUI) touches your people, processes, and technology. KLC Consulting’s CUI Guidance consulting is the first step toward becoming CMMC Compliant. Our approach to CUI Guidance minimizes your CUI footprint which equals less compliance effort and a lower cost.
“The most critical factor in CMMC Level 2 compliance is discerning the CUI you handle, segregating it, and minimizing its footprint within your business organization.”– Kyle Lai, Certified CMMC Professional, and
President of KLC Consulting, Inc.
Call for an Introductory No-Cost Consultation: 617.314.9721 x158
CUI Guidance – How We Work Together
- We conduct Zoom calls to analyze how your business operates.
- Discern the CUI information you handle.
- Use our proprietary “CUI Data Lifecycle” methodology to scope your CUI boundary, minimize its footprint, and reduce your CMMC compliance cost.
1 Input & Creation of CUI
Review and document how it’s received and created.
2 Storage of CUI
Evaluate, inspect, and document processes and mechanisms.
3 Use of CUI
Examine who, what, where, why, and how of usage.
4 Share of CUI
How shared with prime contractors, subcontractors and the DoD.
5 Archive of CUI
Analyze methods and processes of archival and encryption.
6 Disposal of CUI
Evaluate contract requirements with practices and processes.
DoD CUI Guidance Consulting Package
Our CUI Guidance provides the best foundation for your CMMC compliance program.
We utilize the CMMC 2.0 Assessment Guide and provide you with
- Your CUI boundary diagram
- Identification of “In Scope” assets such as CUI Assets, Security Protection Assets, Risk Managed Assets and Specialized Assets
- Recommendations to minimize your CUI footprint
Prices start at $11,900 and vary by your in-scope factors, including the numbers of:
- Physical locations and cage codes
- Employees and citizenship
- Systems, devices, and applications
Now you’re ready for an accurate self-assessment
The next steps are SPRS Submission and POAM Remediation
Do You Sell Commercial Off The Shelf (COTS)?
If so, NIST 800-171 and CMMC Level 2 don’t apply. If you believe that’s what you sell to the DoD is COTS, we can help you prove it.
Check out our CUI definition and boundary video…
“a video guide for defense contractors”