
PreVeil’s Platform Supports Compliance with NIST, DFARS, CMMC Level 2, and Meets FedRAMP, FIPS and ITAR Standards

PreVeil is a state-of-the-art encrypted file sharing and email platform that offers uncompromised security for storing and sharing Controlled Unclassified Information (CUI). Organizations can easily add PreVeil to their existing IT environments (including Microsoft 365 Commercial), dramatically reducing the time and expense required to achieve compliance.
 
PreVeil delivers a massive boost to your organization’s cybersecurity by supporting compliance with 84 of the 110 NIST SP 800-171 security controls, including the ones designed to protect CUI.
 
PreVeil offers a comprehensive Governance, Risk and Compliance (GRC) documentation package to customers that deploy its platform. The package includes a System Security Plan (SSP) template that’s based on NIST SP 800-171’s 110 security controls and is prefilled to reflect PreVeil’s capabilities and the 84 security controls it supports, along with procedures relevant to those controls. PreVeil’s GRC documentation package also includes, among other items, a Plan of Action & Milestones (POA&M) that shows how the controls that PreVeil doesn’t support can be met.
 
Note that the SSP and POA&M are the key documents your organization needs to support its required NIST SP 800-171 self-assessment. Once you’ve conducted that self-assessment, your organization will be ready to report your score to the DoD’s Supplier Performance Risk System (SPRS), as required.
 
The security controls for CMMC Level 2 (the level that contractors that handle CUI will need to achieve) will be in complete alignment with the 110 security controls of NIST SP 800-171. That means that all effort devoted now to compliance with NIST SP 800-171 will help your organization more readily achieve CMMC Level 2 certification when CMMC is implemented in March 2023.
 
PreVeil also complies with DFARS 252.204-7012 (c)-(g) requirements for cyber incident reporting, unlike Microsoft 365 Commercial. PreVeil’s March 2021 one-page Statement on DFARS 7012 c-g specifies how PreVeil’s information assurance compliance program meets each of the (c)-(g) requirements—meaning that if your organization deploys PreVeil, it can readily meet them too.
 
PreVeil is FedRAMP Baseline Moderate Equivalent and meets the criteria specified in the Cyber AB’s CMMC Assessment Process (CAP) for cloud service providers. Specifically, PreVeil “has provided a body of evidence documenting how [its] controls are equivalent to those provided by the FedRAMP Moderate baseline standard,” and that “body of evidence has been attested to by an independent, credible, professional source.” In short, if your organization deploys PreVeil, you can be assured that it will meet these key CAP CMMC Level 2 criteria for securing CUI in the cloud.
 
Finally, PreVeil’s cryptographic modules are FIPS 140-2 validated and also meet ITAR 120.54 end-to-end encryption standards for storing and sharing ITAR (International Traffic in Arms Regulations) data.
 
PreVeil supports your organization’s entire compliance journey, from deployment of its DoD-compliant Drive and Email platform to GRC documentation to audit responses as needed—all while saving you time, minimizing your risks, and reducing your costs.