PreVeil’s 3 Part Solution for CMMC & DFARS Compliance


Email & Drive file collaboration protect CUI with end-to-end encryption. Meets FedRAMP, FIPS 140-2, and DFARS 7012 c-g.

Documentation Package

All the templates, definitions and training videos are there for you to customize and fully document your program with PreVeil.

Partner Network

Support through your entire compliance journey- from prep to assessment- through our compliance team & network of CMMC consultants & auditors.

CMMC & DFARS Compliance Mandates Today

If you process Controlled Unclassified Information (CUI), you are currently required to meet NIST 800-171/ DFARS 7012. Protect your business from penalties and contract loss.

Read our CMMC Whitepaper

A Simple Platform for CUI Security

PreVeil Email and Drive are an encrypted cloud service to store and share CUI for NIST 800-171 and CMMC compliance. PreVeil significantly increases SPRS scores and is seamlessly integrated with an organization’s O365, Exchange or Google Workspace.

How PreVeil Helps you Meet CMMC & DFARS

Support for 102 out of 110 NIST 800-171 Controls

PreVeil’s File Sharing and Email platform enables contractors to protect CUI with end-to-end encryption and address 102 out of 110 NIST 800-171 controls. Contractors can achieve Zero Trust security for CUI and demonstrate substantial compliance with DFARS 7012 and CMMC.

System Security Plan (SSP) Documentation

A detailed SSP is essential to demonstrate compliance. PreVeil provides compliance documentation for an SSP that specifies how our platform -in conjunction with customer policies and procedures – supports 102 NIST 800-171 controls.

Meet DFARS 7019 & Raise your SPRS score

DFARS 7019 requires organizations to compute their NIST 800-171 compliance score and report it to the DoD’s SPRS database. By adopting PreVeil, contractors can significantly raise their SPRS score by over 80 points.

Meet FedRAMP, FIPS & DFARS 7012 (c-g)

In addition to NIST 800-171, PreVeil provides support for DFARS 7012 (c-g) Incident Reporting, meets FedRAMP Moderate Baseline Equivalent and uses FIPS 140-2 validated encryption modules to protect CUI.

PreVeil University

Includes supporting compliance artifacts, a video series detailing the 14 NIST 800-171 control families, and commentary from an authorized C3PAO.

Preferred Partners

We provide 1×1 support through your entire compliance journey – from prep to assessment through our network of CMMC consultants and auditors.

Why 1,000 of the Leading Defense Contractors Choose PreVeil

Easy to Deploy & Use

Deploys in hours using your existing email addresses and integrates with Outlook, Gmail, and all their usual workflows.

Save 75% vs Alternatives

Only users handling CUI require a low-cost, all-inclusive license.

Proven Solution

Defense contractors using PreVeil have received perfect 110/110 scores in rigorous DoD Audits (DIBCAC High and JSVA).

Defense Contractor Receives 110/110 Score in CMMC Joint Surveillance Assessment

A 300-employee defense contractor using PreVeil achieved a maximum 110/110 NIST 800-171 score in a rigorous audit conducted by C3PAOs under the Joint Surveillance Voluntary Assessment program (JSVA). The C3PAO intends to issue CMMC Level 2 Certifications once rulemaking establishes CMMC.

Read the Case Study

“PreVeil’s software is great and is very cost-effective for a small company like us”

Learn how PreVeil enabled Mechanical Engineering & Construction Corporation to get compliant, bid on government contracts that include CUI, and securely share the drawings with subcontractors, at a fraction of the cost of GCC High.

Read the Case Study

Get to Know the PreVeil Platform


PreVeil Drive

Encrypt, store and share files, on any device. Works with Windows Explorer, Mac Finder and on browsers.


Learn More About PreVeil Drive

PreVeil Email

Send and receive end-to-end encrypted emails using your existing email address from Outlook, Gmail, Apple Mail, PreVeil’s app or your browser.


Learn More About PreVeil Email

PreVeil comes with encrypted storage for your email and files containing CUI. All data is automatically stored on Amazon’s FedRAMP High GovCloud.

Encrypted Storage on Amazon GovCloud

Zero Trust Security

PreVeil implements NSA-recommended Zero Trust security and assumes a breach is inevitable. We secure all data using end-to-end encryption, making it useless to hackers. Information is only ever encrypted and decrypted on a user’s device -never on the server. It can also be recovered from a Ransomware attack. Organizations can restrict the flow of CUI to their trusted partners and suppliers.


Learn More About PreVeil Security

CMMC Compliance FAQs

How can I communicate securely with my upstream military agencies or Primes who do not have PreVeil?

PreVeil’s Email Gateway offers its customers a communication channel that enables them to seamlessly send and receive email with Primes or .mil personnel that are restricted from creating a free PreVeil account. Please reach out to PreVeil for more information.

Can I continue to use Commercial O365 or Gmail if I need to be CMMC compliant?

You can continue to use platforms like Commercial O365 and Gmail but they must be separated from your compliance boundary and not handle CUI.

How are CMMC Level 2 and NIST 800-171 related?

Under CMMC 2.0, requirements for the new Level 2 (Advanced)—the level comparable to the old CMMC Level 3—will be in complete alignment with NIST SP 800-171 security controls.

Can I use PreVeil to communicate with suppliers?

PreVeil is also an ideal tool for collaborating with suppliers. Contractors can set granular permissions such as read only or view only to maintain control and visibility over their data. They can revoke access anytime by unsharing. PreVeil can be downloaded for free by subcontractors. Primes can be assured their supply chain is compliant and secure.

Can I use PreVeil to manage ITAR data?

Yes, PreVeil can be used to manage ITAR data.

In PreVeil, data is secured using end-to-end encryption and FIPS 140-2 algorithms. Cloud service providers can never access the decryption keys since private keys are stored on the user device. We also store all ITAR data in AWS GovCloud datacenters, enabling easy compliance with data residency requirements.