The Leading CMMC Compliance Solution
Trusted by over 1,000 defense contractors. Simple to deploy.
Easy to use. Save 60% vs alternatives.
PreVeil’s 3 Part Solution for CMMC & DFARS Compliance
CMMC & DFARS Compliance Mandates Today
If you process Controlled Unclassified Information (CUI), you are currently required to meet NIST 800-171/ DFARS 7012. Protect your business from penalties and contract loss.
Platform
Email & Drive file collaboration protect CUI with end-to-end encryption. Meets FedRAMP, FIPS 140-2, and DFARS 7012 c-g.
Documentation
All the templates, definitions and training videos for you to customize and fully document your program with PreVeil.
Partner Network
Support through your entire compliance journey- from prep to assessment- through our compliance team & network of CMMC consultants & auditors.
FedRAMP Moderate Equivalent
PreVeil is the first company to fully meet the stringent, updated DoD requirements for FedRAMP Moderate Equivalent. The DoD’s assessment entity, DIBCAC, alongside the CMMC Program Office, have established our Equivalency through an in-depth analysis of the Body of Evidence (BOE) we provided. We have 100% compliance with FedRAMP Moderate baseline controls and zero POA&Ms. Since FedRAMP is an essential requirement for CUI in the cloud, customers can be confident in their ability to be CMMC and DFARS compliant with PreVeil.
A Simple Platform for CUI Security
PreVeil Email and Drive are an encrypted cloud service to store and share CUI for NIST 800-171 and CMMC compliance. PreVeil significantly increases SPRS scores and is seamlessly integrated with an organization’s O365, Exchange or Google Workspace.
How PreVeil Helps you Meet CMMC & DFARS
Support for 102 out of 110 NIST 800-171 Controls
PreVeil’s File Sharing and Email platform enables contractors to protect CUI with end-to-end encryption and supports 102 out of 110 NIST 800-171 controls. Contractors can achieve Zero Trust security for CUI and demonstrate substantial compliance with DFARS 7012 and CMMC.
System Security Plan (SSP) Documentation
A detailed SSP is essential to demonstrate compliance. PreVeil provides a templated, self-service SSP that specifies how our platform- in conjunction with customer policies and procedures- supports 102 NIST 800-171 controls.
Meet DFARS 7019 & Raise your SPRS score
DFARS 7019 requires organizations to compute their NIST 800-171 compliance score and report it to the DoD’s SPRS database. By adopting our 3-part solution, this PreVeil customer increased their SPRS score by over 80 points.
Meet FedRAMP, FIPS & DFARS 7012 (c-g)
In addition to NIST 800-171, PreVeil provides support for DFARS 7012 (c-g) Incident Reporting, meets FedRAMP Moderate Baseline Equivalent and uses FIPS 140-2 validated encryption modules to protect CUI.
PreVeil University
Includes supporting compliance artifacts, a video series detailing the 14 NIST 800-171 control families, and commentary from an authorized C3PAO.
Preferred Partners
We provide 1×1 support through your entire compliance journey – from prep to assessment through our network of CMMC consultants and auditors.
Why Leading Defense Contractors Use PreVeil
Easy to Deploy & Use
Deploys in hours using your existing email addresses and integrates with Outlook, Gmail, and all their usual workflows.
Save 60% vs Alternatives
Only users handling CUI require a low-cost, all-inclusive license.
Proven Solution
Defense contractors using PreVeil have received perfect 110/110 scores in rigorous DoD Audits (DIBCAC High and JSVA).
Defense Contractor Receives 110/110 Score in CMMC Joint Surveillance Assessment
A 300-employee defense contractor using PreVeil achieved a maximum 110/110 NIST 800-171 score in a rigorous audit conducted by C3PAOs under the Joint Surveillance Voluntary Assessment program (JSVA). The C3PAO intends to issue CMMC Level 2 Certifications once rulemaking establishes CMMC.
We’re leaps and bounds ahead of where we would have been if we hadn’t gone with PreVeil’s policies and procedures. I look at what we wrote before PreVeil and it was barebones; what PreVeil offered was much more detailed which is something I’m really happy with because when we deal with auditors, the more information we can share with them the better.
Kelly Smith
Director of Business Administration MEC2
If you process Controlled Unclassified Information (CUI), you are currently required to meet NIST 800-171/DFARS 7012. Protect your business from penalties and contract loss.
Get to Know the PreVeil Platform
PreVeil implements Zero Trust security. Information is only encrypted and decrypted on a user’s device – never on the server – making it useless to attackers if hacked.
PreVeil Drive
Encrypt, store and share files, on any device. Works with Windows Explorer, Mac Finder and on browsers.
PreVeil Email
Send and receive end-to-end encrypted emails using your existing email address from Outlook, Gmail, Apple Mail, PreVeil’s app or your browser.
Encrypted Storage on Amazon GovCloud
PreVeil comes with encrypted storage for your email and files containing CUI. All data is automatically stored on Amazon’s FedRAMP High GovCloud.
Zero Trust Security
PreVeil implements NSA-recommended Zero Trust security and assumes a breach is inevitable. We secure all data using end-to-end encryption, making it useless to hackers. Information is only ever encrypted and decrypted on a user’s device -never on the server. It can also be recovered from a Ransomware attack. Organizations can restrict the flow of CUI to their trusted partners and suppliers.
CMMC Compliance FAQs
How can I communicate securely with my upstream military agencies or Primes who do not have PreVeil?
PreVeil’s Email Gateway offers its customers a communication channel that enables them to seamlessly send and receive email with Primes or .mil personnel that are restricted from creating a free PreVeil account. Please reach out to PreVeil for more information.
Can I continue to use Commercial O365 or Gmail if I need to be CMMC compliant?
You can continue to use platforms like Commercial O365 and Gmail but they must be separated from your compliance boundary and not handle CUI.
How are CMMC Level 2 and NIST 800-171 related?
Under CMMC 2.0, requirements for the new Level 2 (Advanced)—the level comparable to the old CMMC Level 3—will be in complete alignment with NIST SP 800-171 security controls.
Can I use PreVeil to communicate with suppliers?
PreVeil is also an ideal tool for collaborating with suppliers. Contractors can set granular permissions such as read only or view only to maintain control and visibility over their data. They can revoke access anytime by unsharing. PreVeil can be downloaded for free by subcontractors. Primes can be assured their supply chain is compliant and secure.
Can I use PreVeil to manage ITAR data?
Yes, PreVeil can be used to manage ITAR data.
In PreVeil, data is secured using end-to-end encryption and FIPS 140-2 algorithms. Cloud service providers can never access the decryption keys since private keys are stored on the user device. We also store all ITAR data in AWS GovCloud datacenters, enabling easy compliance with data residency requirements.
