NIST 800-171 Compliance Simplified

The federal government requires organizations handling Controlled Unclassified Information (CUI) to comply with NIST 800-171. There are 110 controls in NIST 800-171 and they are also included in CMMC Level 3. Popular email and file sharing systems like O365, Google Workspace and Dropbox are not compliant with NIST 800-171 requirements for storing and sharing CUI.
PreVeil Email and Drive are a simple, inexpensive, and secure solution for storing and sharing CUI. Organizations can achieve NIST 800-171 and CMMC Level 3 compliance by using PreVeil in conjunction with appropriate policies and procedures, without giving up their existing O365, Exchange or Google Workspace solutions.

We Provide The Three Essential Elements to Simplify Compliance:

A Cloud Platform to Secure, Store & Share CUI

PreVeil’s Email and Drive platform enable an organization to encrypt, store and share CUI in compliance with NIST 800-171, CMMC and DFARS 252.204-7012 regulations.
Organizations can easily add PreVeil to their existing IT environments, dramatically reducing the time and expense required to achieve compliance.

A System Security Plan Template

PreVeil provides a detailed SSP to help organizations avoid the significant time, cost and complexity of developing compliance documentation from scratch.
Our SSP was created by leading compliance experts. It provides compliance language for the 80+ NIST 800-171 controls PreVeil supports. It also includes detailed policies and procedures to expedite an organization’s compliance journey.

Compliance Consulting

Most organizations will require compliance and IT expertise to meet the NIST 800-171 requirements. PreVeil’s network of 100s of MSPs and MSSPs can help your organization prepare for a successful audit.
PreVeil’s consulting partners have enabled organizations to achieve outstanding NIST 800-171 audit results.

See how PreVeil helps contractors boost their NIST 800-171 score.


Download our Whitepaper

Why Leading Defense Contractors Choose PreVeil


PreVeil is a fraction of the cost of alternatives because only users handling CUI require a low-cost, all inclusive PreVeil license. An organization’s suppliers and partners can join for free.

Easy to deploy

While other platforms require you to rip your IT infrastructure and replace it with complex solutions, PreVeil deploys quickly without changing your existing systems and saves months of effort and expense.


PreVeil’s Email and File Sharing platform are FedRamp Moderate Baseline Equivalent, use FIPS 140-2 validated encryption and comply with DFARS 252.204- c-g

Case Study: Exceptional NIST 800-171 Score. CMMC Ready.

Dr. Jose Neto, CMMC-AB Provisional Assessor, helped a leading defense contractor build an effective NIST 800-171 compliance program by using PreVeil to protect their CUI.
The contractor achieved a near-perfect NIST 800-171 audit score after a rigorous Department of Defense audit. They met 109 of the 110 controls and are now well-prepared to meet the 130 controls required by CMMC Level 3.


Read the Case Study

Get to Know the PreVeil Platform

PreVeil Drive

PreVeil Drive lets you encrypt, store and share files containing CUI. Simply drag and drop your files and folders into PreVeil Drive and they will be automatically encrypted and stored in the cloud. Access them from any mobile device, tablet or computer. Securely share and collaborate with suppliers and partners. Works with Windows Explorer, Mac Finder and on browsers.


Learn More About PreVeil Drive

PreVeil Email

PreVeil is an encrypted email service, compliant with NIST 800-171 requirements for the communication and storage of CUI. It adds an encrypted mailbox to a user’s existing Outlook or Gmail account. Users can send and receive emails just like they are used to while continuing to use their existing email address.


Learn More About PreVeil Email

Unlimited Storage on Amazon GovCloud

PreVeil comes with unlimited storage for your email and files containing CUI. All data is automatically stored on Amazon’s GovCloud for a fixed $30 per month.

Zero Trust Security

Unlike existing file sharing and email services, PreVeil assumes a breach is inevitable but protects your CUI anyway.
All user data is secured using end-to-end encryption, which means that the information is only ever encrypted and decrypted on a user’s device -never on the server. CUI cannot be accessed with stolen passwords nor by using a compromised administrator’s credentials. An organization can also restrict the flow of CUI to their trusted partners and suppliers.


Learn More About PreVeil Security

NIST 800-171 Compliance FAQs

How can I communicate securely with my upstream military agencies or Primes who do not have PreVeil?

PreVeil’s Email Gateway offers its customers a communication channel that enables them to seamlessly send and receive email with Primes or .mil personnel that are restricted from creating a free PreVeil account. Please reach out to PreVeil for more information.

Can I continue to use Commercial O365 or Gmail ifa I need to be CMMC compliant?

You can continue to use platforms like Commercial O365 and Gmail but they must be separated from your compliance boundary and not handle CUI.

How are NIST 800-171 and CMMC Level 3 related?

CMMC Level 3 is built on the foundation of the 110 controls in NIST 800-171. Until a CMMC compliance requirement is rolled out into a specific contract, organizations are expected to meet the requirements spelled out in NIST 800-171.

The DFARS Interim Rule, passed in late 2020, specifically tells companies that they are required to self-assess their current cybersecurity capabilities under NIST 800-171 and report their SPRS score to the DoD. Contractors will either indicate that they meet all 110 security controls or must have a Plan of Actions and Milestones (POAM) which indicates their plan to do so.

Can I use PreVeil to communicate with suppliers?

PreVeil is also an ideal tool for collaborating with suppliers. Contractors can set granular permissions such as read only or view only to maintain control and visibility over their data. They can revoke access anytime by unsharing. PreVeil can be downloaded for free by subcontractors. Primes can be assured their supply chain is compliant and secure.

Can I use PreVeil to manage ITAR data?

Yes, PreVeil can be used to manage ITAR data.

In PreVeil, data is secured using end-to-end encryption and FIPS 140-2 algorithms. Cloud service providers can never access the decryption keys since private keys are stored on the user device. We also store all ITAR data in AWS GovCloud datacenters, enabling easy compliance with data residency requirements.