Blog

CMMC Compliance With O365

PreVeil Enables CMMC Level 3 Compliance with O365

The Department of Defense’s new Cybersecurity Maturity Model Certification (CMMC) framework is rolling out now, starting with approximately 1,500 primes and subcontractors in the Defense Industrial Base (DIB). From there, the process will pick up speed until all 300,000 organizations in the DIB will need to achieve their required CMMC level in order to continue to do work for the DoD.
 
Going forward, DoD will be identifying required CMMC levels in its RFPs and—notably—CMMC certification will serve as the basis of “go/no go” decisions for awarding defense contracts. If your company does work for the DoD that involves handling Controlled Unclassified Information (CUI), you will need to achieve CMMC Level 3 or above. Specifically, CMMC Level 3 requires that organizations demonstrate “…a basic ability to protect and sustain an organization’s assets and CUI.”

It is clear that O365 is not CMMC compliant. Microsoft acknowledges that and offers its GCC High service to the DIB instead. But there’s a more secure, easier, and less expensive alternative to GCC High for CMMC compliance: PreVeil Email and Drive.
 
PreVeil uses end-to-end encryption with no central point of attack. Microsoft GCC High doesn’t. PreVeil’s servers can never see your data. Microsoft’s can. And that means that an attacker breaking into the server (for example, by compromising an administrator) can also access all your organization’s data.
 
Moreover, PreVeil’s email and file sharing service is a fraction of the cost of GCC High. PreVeil need be deployed only to your employees who handle CUI, whereas GCC High typically requires deployment across your entire organization. And as explained below, PreVeil makes configuration and deployment simple and inexpensive, with no need to rip and replace your existing infrastructure. Your employees don’t even need to change their Outlook email address.

 
PreVeil’s straightforward solutions also help you avoid expensive CMMC consultant engagements, which are par for the course for GCC High installation.
 
In short, your company doesn’t have to go through a time consuming and costly disruption to upgrade to Microsoft’s GCC High or alternatives. Instead, you can be an Office 365 company and comply with CMMC requirements by leveraging technological advances that enable end-to-end encryption and other CMMC-mandated security controls.
 
PreVeil’s security architecture is grounded in world-class end-to-end encryption. Its low-touch, elegant solution is based on MIT computer scientists’ research on cybersecurity and applied cryptography. With PreVeil, email, files and data are never decrypted on any server anywhere. If attackers breach a server, all they will get is useless gibberish.
 
PreVeil Email, as demonstrated in the video below, lets your employees send and receive encrypted emails containing CUI using their existing Outlook email address, all while maintaining CMMC Level 3 compliance. It integrates seamlessly with Outlook. The installation process automatically creates a new set of mailboxes for your encrypted messages. Messages in these new mailboxes are encrypted and stored on PreVeil’s servers, and there are no changes to the mailboxes already in your mail program. And unlike Microsoft Office GCC High—for which deployment means ripping and replacing your email server—PreVeil has no impact on the servers that store your regular, unsecure messages.
 
PreVeil Email: Video demonstration

 
PreVeil Drive, as demonstrated in the video below, enables end-to-end encrypted file sharing and storage of CUI that is CMMC Level 3 compliant. Users can access files stored on PreVeil Drive from any of their devices, or share files with other users who have the appropriate access permissions through PreVeil’s Trusted Communities. Unlike Office 365’s SharePoint service, which always has access to your data, only you and the people with whom you’ve explicitly shared files can decrypt them. PreVeil Drive is easy to use and automatically integrates with Windows File Explorer and Mac Finder. Again, unlike GCC High—for which deployment means ripping and replacing your email server—PreVeil has no impact on your existing file servers. It’s available for Windows, Mac and, with PreVeil’s mobile app, for iPads and smartphones as well.

 
PreVeil Drive: Video demonstration

All DoD contractors, regardless of size, will need to comply with CMMC requirements. To help you do so, PreVeil leverages a fundamentally better security paradigm. But better security isn’t enough. If security is difficult to use, it won’t be used. To be effective, security must be as frictionless as possible. PreVeil was created with this principle in mind so that all your security objectives, including CMMC compliance, will be met.
 
All of this—and more—explains why PreVeil has been named by industry leader PC Magazine as its new Editor’s Choice for encrypted email and file sharing. As Neil Rubenking writes in his review,

“After hearing about the high-end cryptographic technology embodied by this program, you might expect it’d require a PhD to operate. Nothing could be farther from the truth.” With PreVeil, he writes, “…you just start using it and get world-class protection.”

 
PreVeil has released a CMMC white paper that presents detailed information on what your company needs to do to comply with CMMC and, likewise, work with the DoD. Our aim is to make that process as seamless and affordable as possible while providing unparalleled security.
 
To learn more about PreVeil and how your company can get started with CMMC compliance, contact us.


  • Subscribe to the PreVeil blog and receive industry insights and interviews delivered straight to your inbox.