The Challenge: Racing Against Contracts
Envision faced a perfect storm of compliance challenges when pursuing CMMC certification:
- Compliant cloud storage: Envision needed a FedRAMP cloud environment to host CUI data
- Prohibitive GCC High costs: A consultant quoted over $200,000 to set up GCC High
- Incomplete documentation: Previous consultant provided “boilerplate” materials that lacked the granularity needed to meet assessment standards
- Contract Timeline Pressure: CMMC certification would provide competitive advantage for the Army MAPS contract, scheduled for early 2025
“We came out of the original gap analysis with a reality check… We were very, very unprepared.”
Jonathan Carr
Director of Technology & CISO
The Solution: PreVeil Enclave
Envision used PreVeil to create a secure enclave covering just the 33 endpoints that handle CUI— perfect for their hybrid workforce, where 70% of employees work with government-furnished equipment (GFE).
Seamlessly integrating with existing Microsoft 365 operations, it allowed non-CUI work to continue unchanged while keeping CUI data in a FedRAMP-compliant environment—enabling quick deployment without disrupting operations.
“We knew we had to get our data into a FedRAMP compliant cloud and it basically came down to PreVeil and GCC High. We got the GCC High quote and it was just crazy: It was over $200,000 for 33 users…the PreVeil quote was 1/10th of that. We were really impressed in the demo—it checked so many of the boxes, so that’s the route we went”
Jonathan Carr
Director of Technology & CISO
Technology Stack Integration:
- PreVeil: Secure file sharing and communication for CUI
- Duo Federal: Multi-factor authentication across all systems
- Sonic Capture Client: Endpoint anti-virus/anti-malware
- SentinelOne: Endpoint Detection and Response (EDR)
- SonicWall: Firewall appliances and network security
- Rocket Cyber: Managed Detection and Response (MDR), and SIEM services, connected through PreVeil’s SIEM connector for comprehensive monitoring and alerts
- Proofpoint: Email security and protection
Strategic Partners:
- C3PAO Assessment: Steel Toad provided professional C3PAO assessment services with clear communication of requirements.
- Documentation: Used PreVeil’s Shared Responsibility Matrix to understand which of the NIST 800-171 controls and objectives are met by PreVeil, are a joint responsibility, or are the customer’s responsibility. Lightspeed helped write and customize the remaining CMMC documentation.
Results: Perfect Score and Competitive Advantage
Final Score:
110/110
CMMC Level 2 Certification Score
Cost Savings:
$180k+
Savings vs. GCC High alternative (90%+ reduction)
Competitive
Positioning
Ready for Army MAPS and future CMMC-required contracts
Operational
Continuity
No disruption to mixed reality development or existing contracts
Get Started with CMMC Compliance
Envision’s transformation from original pre-assessment score to 110/110 certification demonstrates that CMMC compliance is achievable with the right approach and technology partners.
PreVeil provides a clear path to CMMC compliance solution for defense contractors, proven in over 25 CMMC assessments at a fraction of the cost of traditional GCC High implementations.