Log in

KCD Demo Webinar

Part 1 - Overview

Part 2 - Actual documents

Part 3 - Implementing

Kieri Solutions offers a licensable set of NIST SP 800-171, DFARS 252.204-7012, and CMMC compliance templates called the Kieri Compliance Documentation (KCD). This is a holistic and user-friendly cybersecurity program which is designed for small and medium networks.

**Why is the KCD different from all other compliance documentation products?**

The KCD does three key things differently:

1) Behavior stacking – This is a critical principle for building new habits. Essentially, you need a trigger to remind you to do compliance tasks. As we wrote the KCD and identified best practice methods to meet each requirement, we linked each action to a scheduled activity. Under our program, your IT department only needs to remember to start a weekly maintenance task and the rest follows with just-in-time procedures and reminders.

2) No blanks – We don’t think it is fair to give you empty templates and hope you “figure it out.” Instead, our compliance templates are fully written for a functional, small, IT department that is performing all the requirements for CMMC Level 2. You can model your efforts to these best practices, or modify them to fit you. Our clients (including Fortune 500 companies) tell us that the examples in the KCD and our training library are a masterclass on how to perform CMMC efficiently.

3) Actionable statements – You won’t see regurgitations of the requirements like “The organization identifies authorized users, processes, and devices” in the KCD anywhere. That doesn’t help companies pass their assessment. Instead, the KCD says HOW each requirement is performed: “We identify authorized users by following the process for new user onboarding in Administrative Processes, Section 2.1. The CIO authorizes the user after reviewing their Account Request Form, background screening, training, and user agreements, to ensure they meet requirements for access. All authorized users and their authorizations are tracked in the Account Management Database.” Isn’t that a better way to do things?

The KCD provides a kick-start for companies that don’t have compliant policies, procedures, system security plan, and user agreements because it is pre-written with reasonable best practices and gives prescriptive (but easily customizable) instructions on how to perform each requirement. This program emphasizes record-keeping and processes that generate proof that they are performed over time.

I would like more information…

What Our Clients Say About The KCD Package

“I would like to celebrate our company successfully passing their CMMC Level 2 Certification.

It has been a lot of work and there are multiple people I would like to thank for helping in this journey…

…Kieri Solutions – Authorized C3PAO for their excellent product (Compliance Documents and Reference Architecture) Amira Armond, Jonathan Weadon, and Jil Wright for all the help as I worked my way through the implementation.”

– CMMC certified KCD Customer

“We bought the KCD package and so far we have found that it was well worth the cost and would have cost us 10x more to write it ourselves incorrectly.”

– Roman V., PAS

“Thank you for your prompt response. Appreciate it. I am glad I went with Kieri. I saw many other competing products, but I’ve watched many of Amira’s presentations, and it is good to attach products to real humans and experts. Tell Amira to continue supporting the industry with selfless energy.”

– A satisfied KCD client

“Dawson has been pursuing NIST/CMMC compliance since 2016. Even though we met all of the security objectives on our network, the documentation process has been challenging. Interpreting the documentation requirements seems to be a moving target. Many vendors offer documentation packages, but none of them have ever been audited specifically for CMMC v2.0, as far as we could tell. The Kieri documentation set scales to any size company and lays out the roadmap with video explanations. They passed their audit as a C3PAO, which gives them a ton of credibility in my book. If you’re tired of the fear based approach to CMMC, I strongly recommend Kieri.”

– Andrew Riehemann, CIO (CISSP), Dawson Ohana

“The KCD documentation made the assessment so much easier.”

– CMMC Certified KCD User

“As one of your new subscribers, I wanted to share with you my sense of relief, almost elation, at using your system. It is fantastic. My team and I just started digging into the policies, and comparing them with those we have already in place, cross referencing, etc. The templates are such a help to us. Thank you!”

– A. Carmichael, Measurement Technology

“Your KCD documentation is well designed. I reviewed it with our IT implementer, and he felt it was easy to understand and will make his job of implementation easier. Thank you for keeping it simple. It has been my experience that people throw words at a solution instead of thought. You have created a well-thought-out package.”

-V. Delaney, Continuous Process Improvement Systems, LLC (CPISys)

“Unlike other templates, the KCD isn’t just a collection of documents. It’s a comprehensive, interconnected system that gives you a realistic view of what a compliant organization looks like. It’s the practicality and detail that sets it apart”

– Bobby Guerra, Axiom.Tech

“The quality of work is exceptional.”

– Siber Systems (Washington DC)

“What impressed us most was how the System Security Plan is intricately linked to all other components. This isn’t just a sample plan; it’s a blueprint for a complete, functioning system.”

– Bobby Guerra, Axiom.tech

“By far, the best company we have ever assessed… They ate their own dogfood, by that I mean they followed their own policy and procedures…”

– Mr. Ellis, Director DCMA DIBCAC

“In our own compliance journey of trying to figure out what we are required to do, even with consultants that helped us along the way, the MOST useful resource that we have found to-date has been the KCD. “

– Melissa Kimball, University of Maine

“I AM YELLING SO THAT YOU CLEARLY UNDERSTAND THAT SO FAR I AM “AMAZED” AT THE PACKAGE!!!

We bought it yesterday and I have already watched almost all the included training videos. I really enjoy the real-world discussions!

– Happy KCD customer

“The most useful resource we have found to date is the KCD. Particularly the SSP and the commentary that is in the SSP which provides extra guidance for us when we are trying to interpret the assessment objectives. It is the most bang-for-the-buck, out of the things we have invested in so far, in terms of getting us ready for CMMC assessment.”

– University of Maine

“I have found the documentation extremely helpful. It’s helped validate that we are on the right track with things and provided some insight on areas we were struggling with. Thank you for developing it!”

– Happy KCD customer

“Your KCD documentation is well designed. I reviewed it with our IT implementer, and he felt it was easy to understand and will make his job of implementation easier. Thank you for keeping it simple. It has been my experience that people throw words at a solution instead of thought. You have created a well-thought-out package.”

– CPI Systems

“We really found the Kieri Compliance Documentation (KCD) extremely useful for customizing to our operations. This saved an untold amount of time for us. We really like the ease and fantastic explanations highlighted in yellow guiding us through the documents. I would recommend to anyone seeking to comply with the CMMC program requirements and to speed up the documentation required. There is a significant amount of documents that must be made and artifact proven and the Kieri Compliance Documentation (KDC) will keep you on target and allow for reaching the compliance level you must achieve to stay in the Defense Industrial Base industry. We love it.”

– AF Technologies

“Excellent CMMC/NIST 800-171 documentation and support. The Kieri Documentation (KCD) fits our needs perfectly. It answers our question of: What does an Auditor want to see? They are very knowledgeable and have been instrumental in getting our understanding of CMMC and Cybersecurity in general up to speed. They go the extra mile with newsletters, webinars, training videos and other resources.”

– McDonough Bolyard Peck, Inc

“Kieri Solutions provides a nicely packaged practical implementation for CMMC controls and associated documentation. It is especially advantageous for small businesses with limited staff. Kieri’s staff are extremely knowledgeable and very professional. While there are many organizations peddling push button solutions for CMMC that will magically solve all your problems, Kieri Solutions is not them. We learned more and are farther along in our compliance journey because of Kieri Solutions.”

– Maximum Effort Cyber

1. All the documents your IT department needs to perform NIST SP 800-171 and CMMC Level 2 compliance.

(screenshot of library from April 2024)

2. Training library with 40+ hours of videos and newsletters

(screenshot library from April 2024)

3. Support from Kieri Solutions experts

Each month, we invite our subscribers to live recorded Q&A sessions. We also publish a monthly newsletter with the latest news about CMMC and useful reminders.

Each license comes with three free check-ins with our team. Talk with an expert 1-on-1. Happy to discuss any 800-171, DFARS 252.204-7012, or CMMC topic. If you’d like, we can also add customization services or additional consulting to get you compliant faster!

You will be speaking with Certified CMMC Assessors who have experience in real CMMC assessments and helping companies comply with CMMC. We are carefully watching CMMC’s progression and will give you the information you need to prepare smartly.

KCD Customization Services

If you decide to buy a KCD License, we strongly encourage you to add-on customization services from Kieri. It is an incredible value and help to get businesses started. Here’s why:

Our typical customization engagement is 25 hours. We start with an empty Plan of Action and work through each document line-by-line with you. We explain why the document says what it does and clear up any confusion about the 800-171 requirement at its core. Then we review if you’re performing the requirement well enough already. If yes, we customize to fit and move on. If not, we add the remediation task to your Plan of Action as we continue to shape your compliance program for you.

Why is this a big deal? You’ll get a very informal (not verifying evidence) Gap Analysis from our assessor at the same time as you fix your documentation!! We also give you a double-check on whether your implementations (even the technical ones) are good enough to pass an assessment!

By the end of our meetings, you will be far more knowledgeable about what is left to implement CMMC compliance for your organization, after you’ve got your policies and procedures and and other documentation fixed.

If you prefer to go it alone, you’ll still succeed, don’t worry – most of the happy customer quotes on this page are from people that only purchased a KCD license. It will just take a bit longer.

The Kieri Compliance Documentation is unique

The KCD is the ONLY set of CMMC compliance templates that is pre-written with best-practice sample answers and instructions for every requirement. Our clients tell us that the KCD:
1) keeps them from over-thinking requirements,

2) meshes together policy, procedure, databases, and system security plan in an efficient, repeatable way,

3) is a master-class on how to succeed at CMMC Level 2.

The KCD comes with the full support of the Kieri team. We want you to pass your CMMC assessment! Included is a full library of training videos, monthly newsletters, Ask Me Anything webinars, and three free check-ins with our practicing CMMC / 800-171 assessors.

The KCD is battle-tested: we used this program to pass our CMMC assessment by the DoD. Right now, more than a hundred companies are using the KCD to become and remain compliant with NIST SP 800-171 and CMMC Level 2.

Request a quote or a demo for the KCD!

FAQs about the Kieri Compliance Documentation

What is the KCD?
Why should I choose the KCD instead of other for-sale documentation?
The KCD prioritizes ease-of-use and simplicity. We use small words and expect only 1-2 people to be involved in reviewing it, not a full team of executive staff and lawyers. The KCD is designed for NIST SP 800-171 requirements and CMMC Level 2 and does not try to multi-task for other cybersecurity frameworks. We have added real-world examples wherever possible to illustrate best practices, to include partially writing the system security plan for you. Finally, this documentation package is battle tested – it is based on the same policies and procedures that we used to pass our CMMC assessment.
I’m thinking about buying the documents. How can I see some examples?
How much does the KCD cost?
I’m too busy to deal with documentation.
You should consider adding some consulting so that your documentation gets done. If you buy a license, we offer a discounted consulting package of 25 hours which is enough time to explain and quickly customize each document for you (if you are a typical small or medium business). We also offer larger consulting projects to help identify gaps and solutions, provide accountability, and perform vCISO services.
Can I just download all the templates, leave them as-is, and pass CMMC or NIST SP 800-171?
No, but we wish it were that easy. Using this package will save your organization at least 200 hours of work compared to creating the documents from scratch (that’s an impressive cost saving), but there is still some work left to do. Our most successful clients also request consulting to customize policies, create a Plan of Action, do a first pass on your System Security Plan, and demonstrate how to perform Change Management and the Maintenance Checklist.
We don’t use Microsoft 365 for our enclave or information system. Will the KCD still work for us?
Yes. The KCD does not assume that you have any specific technology or automation, other than the ability to edit spreadsheets and word documents. In almost all cases, it references technologies with non-vendor-specific terms like “file share.” It’s easy to modify the policies and procedures to list your specific solutions. As a bonus, we have lots of example answers throughout the templates. Most of the examples are for a Microsoft 365-based enclave, so if you use that, you can accept the examples without much alteration. In short: Yes, any technology is fine!
I’m going to buy the KCD. How would we get started?
The “Overview of Kieri Compliance Documentation” document (available without a subscription) provides the recommended order to review, customize, and implement the KCD in your organization. The summary steps are: 1) Create standard locations to store records and track your work. 2) Review and customize policies. 3) Create your Plan of Action based on policy items you aren’t doing. 4) Start formal Change Management and weekly Cybersecurity Maintenance procedures. 5) Update your inventories. 6) Update procedures as you perform them. 7) Update the System Security Plan to describe your implementation of each requirement.
What is Change Management?
What is the Cybersecurity Maintenance Checklist?
We have developed a proprietary checklist of activities that need to be performed on a schedule in order to be compliant with CMMC. The checklist includes tasks that are performed weekly, monthly, quarterly, bi-annually, and annually. You can customize this checklist to increase or reduce frequency of tasks based on your specific environment (bigger environments should do some tasks more often). We have found that using this checklist is the most effective way to get an IT department to do compliance activities consistently. This handles the CMMC requirements that require regular monitoring and oversight.
Why does the KCD include IT Department databases?
Careful record keeping is needed to demonstrate that you are performing the requirements of CMMC. You need to maintain records about your privileged users, your regular users, the hardware you use on your network, your software, any cyber incidents, changes you make, patching, etc. (the list goes on). Our IT Department databases let you create a place to organize these records. The database fields are carefully designed to gather information that is used for CMMC, such as whether mobile devices are authorized for CUI.
Can I share or resell the templates?
The KCD is licensed to be used by a single legal entity. Each entity (such as a corporation) needs their own license to legally use the KCD. If you are a cybersecurity consultant, you are more than welcome to help your clients customize the KCD for their use. If you have many clients that would benefit from the KCD, please reach out to ask about our referral program. We do not offer white-label services at this time.
Can I get a CMMC Assessment from Kieri Solutions if I use the KCD?
Can I get updated documentation if CMMC changes?
Do you label each policy with the CMMC practice it addresses?
and more topics to come… (send questions if you have them)

What about NIST SP 800-171 Rev. 3 ???

We are already updating the KCD to incorporate the Rev.3 changes!!

When you purchase a license, you get a free 12 month subscription to updates. We are already building the updated set of documentation. So don’t worry, the KCD will support both Rev. 2 and Rev. 3!

Quick start guide for the Kieri Compliance Documentation (Download, .docx)

Kieri Compliance Documentation

Log in

KCD Demo Webinar

Part 1 - Overview

Part 2 - Actual documents

Part 3 - Implementing

Why is the KCD different from all other compliance documentation products?

I would like more information…hbspt.forms.create({ region: "na1", portalId: "23703842", formId: "a08ae2ea-81b0-43d0-be65-2fceedc0697e" });

I would like more information…

What Our Clients Say About The KCD Package

“I would like to celebrate our company successfully passing their CMMC Level 2 Certification.

It has been a lot of work and there are multiple people I would like to thank for helping in this journey…

…Kieri Solutions – Authorized C3PAO for their excellent product (Compliance Documents and Reference Architecture) Amira Armond, Jonathan Weadon, and Jil Wright for all the help as I worked my way through the implementation.”

– CMMC certified KCD Customer

“We bought the KCD package and so far we have found that it was well worth the cost and would have cost us 10x more to write it ourselves incorrectly.”

– Roman V., PAS

– A satisfied KCD client

– Andrew Riehemann, CIO (CISSP), Dawson Ohana

“The KCD documentation made the assessment so much easier.”

– CMMC Certified KCD User

– A. Carmichael, Measurement Technology

“Unlike other templates, the KCD isn’t just a collection of documents. It’s a comprehensive, interconnected system that gives you a realistic view of what a compliant organization looks like. It’s the practicality and detail that sets it apart”

– Bobby Guerra, Axiom.Tech

“The quality of work is exceptional.”

– Siber Systems (Washington DC)

“Using your SSP to help address our open POA&Ms has been invaluable!”

– Happy KCD customer

“What impressed us most was how the System Security Plan is intricately linked to all other components. This isn’t just a sample plan; it’s a blueprint for a complete, functioning system.”

– Bobby Guerra, Axiom.tech

“By far, the best company we have ever assessed… They ate their own dogfood, by that I mean they followed their own policy and procedures…”

– Mr. Ellis, Director DCMA DIBCAC

“In our own compliance journey of trying to figure out what we are required to do, even with consultants that helped us along the way, the MOST useful resource that we have found to-date has been the KCD. “

– Melissa Kimball, University of Maine

“I AM YELLING SO THAT YOU CLEARLY UNDERSTAND THAT SO FAR I AM “AMAZED” AT THE PACKAGE!!!

We bought it yesterday and I have already watched almost all the included training videos. I really enjoy the real-world discussions!

– Happy KCD customer

– University of Maine

“I have found the documentation extremely helpful. It’s helped validate that we are on the right track with things and provided some insight on areas we were struggling with. Thank you for developing it!”

– Happy KCD customer

– CPI Systems

– AF Technologies

– McDonough Bolyard Peck, Inc

– Maximum Effort Cyber

1. All the documents your IT department needs to perform NIST SP 800-171 and CMMC Level 2 compliance.

2. Training library with 40+ hours of videos and newsletters

3. Support from Kieri Solutions experts

The Kieri Compliance Documentation is unique

Request a quote or a demo for the KCD!

FAQs about the Kieri Compliance Documentation

Send an email to sales@kieri.com if you are a subscriber and need help logging on or accessing content.

KIERI SOLUTIONS

**Why is the KCD different from all other compliance documentation products?**

I would like more information…