CMMC & NIST 800-171 Compliance Simplified

The CMMC program requires organizations handling Controlled Unclassified Information (CUI) to be certified at Level 3. There are 130 controls at Level 3, 110 of which are based on NIST 800-171. Popular email and file sharing systems like O365, Google Workspace and Dropbox are not compliant with CMMC requirements for storing and sharing CUI.
 
PreVeil Email and Drive are a simple, inexpensive, and secure solution for storing and sharing CUI. Organizations can achieve NIST 800-171 and CMMC Level 3 compliance by using PreVeil in conjunction with appropriate policies and procedures, without giving up their existing O365, Exchange or Google Workspace solutions.

We Provide The Three Essential Elements to Simplify Compliance:

A Cloud Platform to Secure, Store & Share CUI

PreVeil’s Email and Drive platform enables an organization to encrypt, store and share CUI in compliance with CMMC Level 3, DFARS 252.204-7012, NIST 800-171 and ITAR regulations.
 
Organizations can easily add PreVeil to their existing IT environments, dramatically reducing the time and expense required to achieve compliance.

A System Security Plan Template

PreVeil provides a detailed SSP to help organizations avoid the significant time, cost and complexity of developing the document from scratch.
 
Our SSP was created by leading CMMC-AB certified experts. It provides compliance language for the 80+ CMMC controls PreVeil supports. It also includes detailed policies and procedures to expedite an organization’s compliance journey.

Compliance Consulting

Most organizations will require compliance and IT expertise to meet the complex CMMC requirements. PreVeil’s network of hundreds of CMMC-AB certified Provisional Assessors, Registered POs, MSPs and MSSPs can help your organization prepare for a successful audit.

Our CMMC whitepaper details the individual CMMC controls and how PreVeil helps address them.

 


Why Leading Defense Contractors Choose PreVeil

Affordable

PreVeil is a fraction of the cost of alternatives because only users handling CUI require a low-cost, all-inclusive PreVeil license. An organization’s suppliers and partners can join for free.

Easy to deploy

While other platforms require you to rip out your IT infrastructure and replace it with complex solutions, PreVeil deploys quickly without changing your existing systems and saves months of effort and expense.

Compliant

PreVeil’s Email and File Sharing platform is FedRAMP Moderate Baseline Equivalent, uses FIPS 140-2 validated encryption and complies with DFARS 252.204-7012 (c)-(g).

Case Study: Exceptional NIST 800-171 Score. CMMC Ready.

Dr. Jose Neto, CMMC-AB Provisional Assessor, helped a leading defense contractor build an effective compliance program by using PreVeil to protect their CUI.
 
The contractor achieved a near-perfect NIST 800-171 audit score after a rigorous Department of Defense audit. They met 109 of the 110 controls and are now well-prepared to meet the 130 controls required by CMMC Level 3.

 


Get to Know the PreVeil Platform

PreVeil Drive

PreVeil Drive lets users encrypt, store and share their files containing CUI. Users can easily access these files from their computers or mobile devices and share them with suppliers and partners. It works with Windows Explorer, Mac Finder and in browsers.

 


PreVeil Email

PreVeil Email is an encrypted email service that addresses CMMC requirements for communication and storage of CUI. It adds an encrypted mailbox to Outlook and Gmail, letting you continue to use these accounts. Users can send and receive emails just like they are used to while continuing to use their existing email address.

 


Unlimited Storage on Amazon GovCloud

PreVeil comes with unlimited storage for your email and files containing CUI. All data is automatically stored on Amazon’s GovCloud for a fixed $30 per month.

Zero Trust Security


Unlike existing file sharing and email services, PreVeil assumes a breach is inevitable but protects your CUI anyway.
 
All user data is secured using end-to-end encryption, which means that the information is only ever encrypted and decrypted on a user’s device, never on the server. CUI cannot be accessed with stolen passwords or by using a compromised administrator’s credentials. An organization can also restrict the flow of CUI to their trusted partners and suppliers.

 


CMMC Compliance FAQs

How can I communicate securely with my upstream military agencies or Primes who do not have PreVeil?

PreVeil’s Email Gateway offers its customers a communication channel that enables them to seamlessly send and receive email with Primes or .mil personnel that are restricted from creating a free PreVeil account. Please reach out to PreVeil for more information.

Can I continue to use Commercial O365 or Gmail if I need to be CMMC compliant?

You can continue to use platforms like Commercial O365 and Gmail, but they must be separated from your compliance boundary and must not handle CUI.

How are CMMC Level 3 and NIST 800-171 related?

CMMC Level 3 is built on the foundation of the 110 controls in NIST 800-171. Until a CMMC compliance requirement is rolled out into a specific contract, organizations are expected to meet the requirements spelled out in NIST 800-171.

The DFARS Interim Rule, passed in late 2020, specifically tells companies that they are required to self-assess their current cybersecurity capabilities under NIST 800-171 and report their SPRS score to the DoD. Contractors will either indicate that they meet all 110 security controls or must have a Plan of Actions and Milestones (POAM) which indicates their plan to do so.

Can I use PreVeil to communicate with suppliers?

PreVeil is also an ideal tool for collaborating with suppliers. Contractors can set granular permissions such as read only or view only to maintain control and visibility over their data. They can revoke access anytime by unsharing. PreVeil can be downloaded for free by subcontractors. Primes can be assured their supply chain is compliant and secure.

Can I use PreVeil to manage ITAR data?

Yes, PreVeil can be used to manage ITAR data.

In PreVeil, data is secured using end-to-end encryption and FIPS 140-2 algorithms. Cloud service providers can never access the decryption keys since private keys are stored on the user device. We also store all ITAR data in AWS GovCloud datacenters, enabling easy compliance with data residency requirements.