KLC is a CMMC-AB cleared C3PAO company
Flexible consulting provides as much or as little help as you need – including guidance with your own do-it-yourself CMMC compliance effort. We meet you where you’re at and bring you all the way to CMMC level 3 “Assessment Ready!”
Are you confident in your understanding of CUI, its scope, and where you’re at in your compliance pursuit?
So let’s begin by eliminating the guesswork in your progression to CMMC Compliance
We recommend starting with a CMMC Gap Assessment
- Review your NIST 800-171 self-assessment and Incident Response plan required by DFARS 252.204-7012
- Verify your requirements to handle CUI and its Scope
- Check your policies, procedures, and supporting documents
We organize your best compliance team
- With the combined strength of your IT/managerial resources and our DoD cybersecurity experts who support all areas of NIST 800-171 and CMMC compliance
- Make our staff augmentation resources accessible to you
- Establish your compliance project timeline, and assign roles & responsibilities for successful project completion
And architect your best CMMC level 3 compliance solution
- Create your maturity level 3 compliance program
- Provide DoD cybersecurity subject matter expertise with all applicable regulations: DFARS 252.204-7012, -7019, -7020, and -7021 (CMMC)
- Recommend ways to limit your CUI footprint and minimize compliance costs
- Yes, CMMC policy templates are available!
- CMMC procedures specific to your company
- Provide guidance on compliance flow-down requirements for the subcontractors with whom you share CUI
- Perform (or recommend tools to perform) a CMMC secure code review
We show you how to improve your information security practices
- Provide KLC’s “Journey to CMMC and DFARS 252.204-7012 Compliance” training and Cybersecurity Awareness training resources
- And mentor an ethos of CMMC compliance knowledge
- Guidance with cloud and physical security requirements
- Develop and test your Incident Response plan
- Multi-Factor Authentication (MFA) guidance
- Provide recommendations for CUI marking, labeling, and automated CUI labeling solutions
- And guide the evidence collection needed to demonstrate CMMC level 3 compliance
And introduce you to our CMMC-technology partner solutions to help you save time and money
KLC helps during your separately contracted C3PAO CMMC assessment
- Refer you to other C3PAO firms we’ve worked with and know well
- Serve as your advocate and liaison during your independent assessment
And after your C3PAO CMMC Assessment
- Post-certification guidance with your Change Management process
- Incident response (IR) readiness, handling, reporting to the DoD, and plan testing
- Perform CMMC required vulnerability assessments and penetration tests
- Monitor CMMC version updates for their effect on your compliance requirements
- Plan for your next CMMC assessment. CMMC is valid for 3 years.
Prices vary by in-scope factors, including the number of:
- Locations and cage codes
- Employees and citizenship
- Applications, systems, and devices
The defined practices and processes of CMMC:
Basic Cybersecurity Hygiene
- Focus: safeguard federal contract information (FCI).
- Least number of practices to perform.
- Most small businesses will be required to meet level one certification.
- Establish Basic Cyber Hygiene
- Protect FCI
The CMMC program establishes security as the foundation for acquisition
In December 2019, the Defense Department anticipated that by June 2020, “…industry will see cybersecurity requirements included as part of new requests for information” (1). CMMC is being phased into DoD RFPs during calendar year 2021 and will be fully required by 2026.
Want to learn more about CMMC and our CMMC consulting service?
We invite you to watch our 11-minute video: DoD Cybersecurity Maturity Model Certification. We would also be happy to answer your specific CMMC questions.