August 10, 2022

PreVeil is a state-of-the-art encrypted file sharing and email platform that offers uncompromised security for storing and sharing Controlled Unclassified Information (CUI). Organizations can easily add PreVeil to their existing IT environments (including Microsoft 365 Commercial), dramatically reducing the time and expense required to achieve compliance.

PreVeil delivers a massive boost to your organization’s cybersecurity by supporting compliance with 102 of the 110 NIST SP 800-171 security controls, including the ones designed to protect CUI.

PreVeil offers a comprehensive Governance, Risk and Compliance (GRC) documentation package to customers that deploy its platform. The package includes a System Security Plan (SSP) template that’s based on NIST SP 800-171’s 110 security controls and is prefilled to reflect PreVeil’s capabilities and the 102 security controls it supports, along with procedures relevant to those controls. PreVeil’s GRC documentation package also includes, among other items, a Plan of Action & Milestones (POA&M) that shows how the controls that PreVeil doesn’t support can be met.

Note that the SSP and POA&M are the key documents your organization needs to support its required NIST SP 800-171 self-assessment. Once you’ve conducted that self-assessment, your organization will be ready to report your score to the DoD’s Supplier Performance Risk System (SPRS), as required.

The security controls for CMMC Level 2 (the level that contractors that handle CUI will need to achieve) will be in complete alignment with the 110 security controls of NIST SP 800-171. That means that all effort devoted now to compliance with NIST SP 800-171 will help your organization more readily achieve CMMC Level 2 certification when CMMC is implemented in March 2023.

PreVeil also complies with DFARS 252.204-7012 (c)-(g) requirements for cyber incident reporting, unlike Microsoft 365 Commercial. PreVeil’s March 2021 one-page Statement on DFARS 7012 c-g specifies how PreVeil’s information assurance compliance program meets each of the (c)-(g) requirements—meaning that if your organization deploys PreVeil, it can readily meet them too.

PreVeil is FedRAMP Baseline Moderate Equivalent and meets the criteria specified in the Cyber AB’s CMMC Assessment Process (CAP) for cloud service providers. Specifically, PreVeil “has provided a body of evidence documenting how [its] controls are equivalent to those provided by the FedRAMP Moderate baseline standard,” and that “body of evidence has been attested to by and independent, credible, professional source.” In short, if your organization deploys PreVeil, you can be assured that it will meet these key CAP CMMC Level 2 criteria for securing CUI in the cloud.

Finally, PreVeil’s cryptographic modules are FIPS 140-2 validated and also meet ITAR 120.54 end-to-end encryption standards for storing and sharing ITAR (International Traffic in Arms Regulations) data.

PreVeil supports your organization’s entire compliance journey, from deployment of its DoD-compliant Drive and Email platform to GRC documentation to audit responses as needed—all while saving you time, minimizing your risks, and reducing your costs.

Author

Orlee Berlove, reviewed by Noël Vestal, PMP, CMMC RP

Noël Vestal is a CMMC Certified Professional and CMMC RP with over 15 years in DoD IT program management. She implemented the NIST 800-171/CMMC Level 2 compliance program for an OSC member of the DIB. She has her Master of Science (M.S.) in Information Technology and holds certifications from the CMMC Accreditation Body (CMMC AB) as a CMMC Certified Professional (CCP), CMMC Registered Practitioner (RP), CMMI Associate, and holds additional certifications including, Project Management Professional (PMP), and CompTIA’s Security + certification.

Orlee Berlove has been a marketing leader for over 25 years, and is currently the Senior Director of Marketing at PreVeil. She has her Masters of Engineering, Operations Research and her Bachelor of Arts from Cornell University.