CMMC 2.0 & NIST 800-171 Compliance Simplified

The U.S. Department of Defense (DoD) has updated and simplified the CMMC program. CMMC 2.0 will require organizations handling Controlled Unclassified Information (CUI) to be certified at Level 2 and meet the 110 practices aligned with NIST SP 800-171. Popular commercial email and file sharing systems like O365, Google Workspace and Dropbox do not support CMMC Level 2 requirements for storing and sharing CUI.
PreVeil’s Email and Drive are a simple, inexpensive, and secure solution for storing and sharing CUI and ITAR data. They can help organizations reduce the cost and complexity of achieving CMMC Level 2 compliance when used in conjunction with appropriate policies, procedures, and technologies. PreVeil seamlessly works with an organization’s existing O365 or Google Workspace solutions.

We Provide Three Essential Elements to Simplify Compliance:

A Cloud Platform to Secure, Store & Share CUI

PreVeil’s Email and Drive platform enable an organization to encrypt, store and share CUI in compliance with CMMC Level 2, DFARS 252.204-7012, NIST 800-171 and ITAR regulations.
Organizations can easily add PreVeil to their existing IT environments, dramatically reducing the time and expense required to achieve compliance.

A System Security Plan Template

A detailed System Security Plan is necessary to demonstrate compliance with the CMMC controls.
The PreVeil platform supports a majority of the CMMC Level 2 controls. We provide an organization with detailed compliance documentation, policy templates and a responsibility matrix to simplify its compliance journey.

Compliance Consulting

Most organizations will require compliance and IT expertise to meet CMMC Level 2 requirements. PreVeil can connect an organization to its network of certified CMMC assessors, auditors and IT experts to help it prepare for a successful audit or self-certification.

Our CMMC whitepaper details the individual CMMC controls and how PreVeil helps address them.


Download our CMMC Whitepaper

Why Leading Defense Contractors Choose PreVeil


PreVeil is a fraction of the cost of alternatives because only users handling CUI require a low-cost, all inclusive PreVeil license. An organization’s suppliers and partners can join for free.

Easy to deploy

Other platforms take months to deploy, requiring you rip your existing IT infrastructure and replace it with complex solutions. PreVeil however deploys in hours alongside your existing IT systems, saving months of business disruption and expense.


The PreVeil platform meets the stringent CMMC and DFARS requirements for cloud services handling CUI. It is FedRamp Moderate Baseline Equivalent, uses FIPS 140-2 validated encryption algorithms and supports DFARS 252.204-7012 c-g.

PreVeil Gets Contractor to a Maximum NIST 800-171 Score

In 2021, a small defense contractor achieved a maximum NIST 800-171 score meeting 110 out of 110 controls in a rigorous DoD audit. The contractor used PreVeil to protect, store and share CUI. Under CMMC 2.0, the contractor would meet Level 2 certification requirements.
To learn more about how the contractor achieved this successful outcome, download our case study.


Read the Case Study

Get to Know the PreVeil Platform

PreVeil Drive

PreVeil Drive lets users encrypt, store and share their files containing CUI. Users can easily access these files from their computers or mobile devices and share them with suppliers and partners. Works with Windows Explorer, Mac Finder and on browsers.


Learn More About PreVeil Drive

PreVeil Email

PreVeil Email is an encrypted email service that addresses CMMC 2.0 and ITAR requirements. It adds an encrypted mailbox to Outlook and Gmail, letting you continue to use these accounts. Users can send and receive emails just like they are used to while continuing to use their existing email address.


Learn More About PreVeil Email

PreVeil comes with unlimited storage for your email and files containing CUI. All data is automatically stored on Amazon’s GovCloud for a fixed $30 per month.

Unlimited Storage on Amazon GovCloud

Zero Trust Security

PreVeil implements the NSA’s recommended Zero Trust approach to security and assumes a breach is inevitable.
All data is secured using end-to-end encryption, which means that the information is only ever encrypted and decrypted on a user’s device -never on the server. In addition, CUI cannot be accessed with stolen passwords nor by using a compromised administrator’s credentials. An organization can also restrict the flow of CUI to their trusted partners and suppliers.


Learn More About PreVeil Security

CMMC Compliance FAQs

How can I communicate securely with my upstream military agencies or Primes who do not have PreVeil?

PreVeil’s Email Gateway offers its customers a communication channel that enables them to seamlessly send and receive email with Primes or .mil personnel that are restricted from creating a free PreVeil account. Please reach out to PreVeil for more information.

Can I continue to use Commercial O365 or Gmail if I need to be CMMC 2.0 compliant?

You can continue to use platforms like Commercial O365 and Gmail but they must be separated from your compliance boundary and not handle CUI.

How are CMMC Level 3 and NIST 800-171 related?

Under CMMC 2.0, requirements for the new Level 2 (Advanced)—the level comparable to the old CMMC Level 3—will be in complete alignment with NIST SP 800-171 security controls.

Can I use PreVeil to communicate with suppliers?

PreVeil is also an ideal tool for collaborating with suppliers. Contractors can set granular permissions such as read only or view only to maintain control and visibility over their data. They can revoke access anytime by unsharing. PreVeil can be downloaded for free by subcontractors. Primes can be assured their supply chain is compliant and secure.

Can I use PreVeil to manage ITAR data?

Yes, PreVeil can be used to manage ITAR data.

In PreVeil, data is secured using end-to-end encryption and FIPS 140-2 algorithms. Cloud service providers can never access the decryption keys since private keys are stored on the user device. We also store all ITAR data in AWS GovCloud datacenters, enabling easy compliance with data residency requirements.