Kyle Lai

Kyle Lai is President and Chief Information Security Officer (CISO) at KLC Consulting.



We at KLC specializes in the following CMMC / NIST 800-171 related offerings:


1. Affordable NIST 800-171 SPRS Package Preparation and Submission Service - 

Are you uneasy about the 11/30/2020 deadline and your DFARS 252.204-7020 (NIST SP 800 171) submission into the DoD’s Supplier Performance Risk System – the SPRS?  Or concerned that your low (or negative!) score will affect your standing with the DoD and your prime contractors?  You’re far from alone! As a Defense Industrial Base (DIB) subcontractor, you’ve already received your DFARS 252.204-7019 notice about compliance. And we understand compliance effort is often viewed as a vague and unwelcome burden on top of everything else you do when time and resources are lacking. 

So, what to do about it? KLC will help you with the following

  • SSP documentation of existing baseline practices
  • POA&M for missing practices
  • Summary Assessment level score and worksheet
  • Guidance with your SPRS submission
  • Ability to report “In Compliance” with SPRS submission requirement to DOD Contract Official and prime contractors
  • Know exactly where you stand in NIST 800-171 compliance and cybersecurity posture

2. Affordable CMMC / CUI Scoping services

Our CUI Scoping Service Utilizes KLC Consulting’s Proprietary “CUI Data Lifecycle” Methodology to Help you Focus and Better Prepare for NIST 800-171 and CMMC Compliance.

Let’s use your every-day business language to simplify and minimize your CUI scope, rather than impose prefabricated and at times –  enigmatic – template language on your business processes and practices- that’s KLC’s proprietary “CUI Data Lifecycle” approach:

Input and creation of CUI

  • Review and document process, sources, methods.

Storage of CUI

  • Review, inspect, and document process, mechanisms

Use of CUI

  • Review who, what, when, where, why, and how in its usage

Share of CUI

  • Review, inventory, and document who, what, why, and how

Archive of CUI

  • Review methods and process of archiving and encryption

Disposal of CUI

  • Review contract requirements, secure disposal process


3. End-to-end CMMC / NIST 800-171 Compliance Preparation Services

We will be your CMMC / NIST 800-171 Expert Guide, We will

  • Perform CUI Scoping so you know what you need to focus on for CMMC Level 3 certification
  • Walk through CUI Data Lifecycle so you can quickly get an understanding of your CUI data flow
  • Conduct a CUI Gap Analysis, so you know where what practices you need to improve to achieve compliance
  • Design the practices, processes to meet the CMMC requirements
  • Draft policies required by CMMC
  • Connect you with a C3PAO (Certified Assessor) to perform the final assessment and obtain CMMC
  • If you need NIST 800-171 assessment results submission to SPRS, we will guide you through the process.