In a recent case study, an SMB defense contractor using PreVeil to store and share Controlled Unclassified Information (CUI) achieved a 110/110 on a NIST SP 800-171 audit. The SMB deployed PreVeil, a cloud-based, end-to-end encrypted file sharing and email system, as an overlay of its Microsoft 365 Commercial environment. The audit was conducted by the US Department of Defense’s (DoD) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC).
The SMB is a typical defense contractor. They’ve been in business for 15 years and have fewer than 100 employees. The contractor was very concerned about the time, expense, and complexity of the audit.
Download your copy of our case study to also learn how compliance with NIST SP 800-171 makes compliance under CMMC 2.0 much simpler. That’s because the new CMMC Level 2 will require demonstration of compliance with the very same 110 NIST SP 800-171 security controls.
Microsoft 365 and Google Workspace don’t meet all DoD requirements for handling CUI. PreVeil is designed to comply with those requirements. Here’s how.
Defense contractors must document compliance in a System Security Plan (SSP). Putting one together can be very time-consuming and costly. PreVeil saves customers hundreds of hours (and thousands of dollars) by providing a comprehensive compliance documentation package, including an SSP template.
PreVeil’s SSP template is pre-filled to reflect the NIST SP 800-171 security controls PreVeil supports. The package also includes policy templates for the NIST SP 800-171 control families and additional required documentation.
The SMB in this case study began with a rudimentary SSP about 25 pages long. By the time of its successful audit, the SSP was approximately 225 pages long.
The 110 NIST SP 800-171 controls align completely with those of CMMC 2.0 Level 2. This case study consequently demonstrates that PreVeil also supports CMMC 2.0 Level 2 compliance.
Typical SMBs have limited resources and cybersecurity expertise. PreVeil’s secure platform provides world class security at a low cost in a simple to use platform.
All of this adds up to world-class security that’s far less expensive than alternatives. Achieving compliance with PreVeil costs 50% to 75% less than with GCC High.
Our three-step program makes achieving compliance straightforward.
Step One: Deploy PreVeil.
SMBs can easily deploy PreVeil as an overlay to their existing IT environments, dramatically improving their cybersecurity and raising their NIST SP 800-171 scores.
Step Two: Use PreVeil’s compliance documentation package.
PreVeil provides a comprehensive documentation package to its customers. The package includes an SSP template that’s based on NIST SP 800-171’s 110 security controls, which CMMC 2.0 Level 2 mirrors. The template is prefilled to reflect PreVeil’s capabilities, along with procedures relevant to those controls.
PreVeil’s package also includes templates for required NIST SP 800-171 policies, a Customer Responsibility Matrix (CRM), and a POA&M showing how the remaining controls can be met.
Step Three: Finish with a PreVeil partner.
PreVeil supports compliance with the majority of NIST and CMMC 2.0 mandates. The remaining controls can be addressed with time-limited POA&Ms. PreVeil staff can provide ready access to more than a hundred partner organizations and compliance experts certified by the CMMC-AB, with deep knowledge of DFARS, NIST, CMMC, and PreVeil. Any one of these can take you over the finish line.
PreVeil makes compliance accessible to SMB defense contractors. Learn how PreVeil can save your organization time, money, and headache.