Defense contractor GTSC successfully achieved CMMC compliance with a perfect 110 score in just 6 months using PreVeil and their existing commercial Microsoft 365 environment.
About GTSC
GTSC is a large organization consisting of four smaller companies with hundreds of employees, but only a small subset handles Controlled Unclassified Information (CUI). This made using the PreVeil enclave the perfect solution for protecting sensitive data while allowing the organization to continue operating as usual.

The Challenge
GTSC faced several significant challenges on their path to CMMC compliance: First, they wanted to get ahead of other companies competing for C3PAO assessments and to position themselves to be ready to bid on federal contracts requiring CMMC certification. They also needed to maintain their existing domain and email addresses; migrating everyone to GCC High would have been both costly and disruptive to their overall business.
GTSC’s CMMC Journey with PreVeil
Strategy
After consulting with their CMMC advisor (and PreVeil Preferred Partner) BDO, GTSC made the decision to deploy an enclave approach using PreVeil as their secure communications platform. They achieved considerable cost savings vs. moving the whole organization to GCC High, kept their existing domain, and deployed quickly with minimal disruption.

Implementation Process
Phase 1: Deploy PreVeil
Installed PreVeil’s secure email and file sharing on designated endpoints and began documentation process with BDO consultants
Phase 2: Secure Endpoints
Recognized that CUI-handling endpoints needed comprehensive security controls so they set up mobile device management (MDM) and implemented endpoint protection
Phase 3: Connect SIEM (Security Information and Event Management)
Determined that a SIEM solution was necessary for compliance so implemented one and connected it using PreVeil’s SIEM connector, enabling monitoring and alerting for the relevant CMMC controls
Phase 4: Assessment
First, conducted a mock assessment with BDO, which proved very valuable; then refined documentation based on the findings. GTSC worked with Cybersec Investments as their C3PAO and successfully passed assessment with a perfect 110 score
Key PreVeil Advantages for CMMC
GTSC’s success demonstrates how PreVeil delivers exceptional value for organizations seeking CMMC compliance:
Affordability
PreVeil provided an economical solution to ensure GTSC could protect CUI with minimal additional infrastructure investment
Business Continuity
Maintained existing domain and email addresses with no disruption to day-to-day business operations
Rapid Implementation
Quickly established a secure CUI environment and achieved full CMMC compliance with 6 months of focused implementation
Comprehensive Documentation
PreVeil’s shared responsibility matrix clearly defined which security controls were PreVeil’s responsibility versus the client’s responsibility
Excellent Support
Support team assisted with onboarding and SIEM integration and the compliance team provided guidance on the implementation of security controls
Integrations
PreVeil seamlessly connected with Microsoft 365 commercial environment and alerting system for security monitoring
Business Growth
Now positioned to bid on larger projects requiring CMMC certification
Technology Stack
- PreVeil for secure email and file sharing
- Microsoft 365 Commercial suite
- Endpoint management
- Endpoint threat protection
- Identity management
- SIEM solution integrated using PreVeil SIEM Connector
5 Key Learnings & Recommendations
Drawing from GTSC’s successful journey, here are their top recommendations for organizations pursuing CMMC certification with PreVeil:
- Deploy an enclave approach to limit scope, saving money & time
- Plan for endpoint security from day one
- Implement a SIEM
- Lock down printing & ensure downloads go to secure PreVeil folders
- Leverage mock assessments
Conclusion
GTSC’s achievement of CMMC with a perfect 110 score demonstrates the power of PreVeil’s proven solution. Their enclave approach avoided a costly & disruptive GCC High migration while positioning GTSC to compete for future contracts that include the CMMC certification requirement. Their success further validates PreVeil’s simple and affordable CMMC solution, trusted by thousands of defense contractors seeking competitive advantage in the federal marketplace.