Defense contractor GTSC successfully achieved CMMC compliance with a perfect 110 score in just 6 months using PreVeil and their existing commercial Microsoft 365 environment.

About GTSC

GTSC is a large organization consisting of four smaller companies with hundreds of employees, but only a small subset handles Controlled Unclassified Information (CUI). This made using the PreVeil enclave the perfect solution for protecting sensitive data while allowing the organization to continue operating as usual.

The Challenge

GTSC faced several significant challenges on their path to CMMC compliance: First, they wanted to get ahead of other companies competing for C3PAO assessments and to position themselves to be ready to bid on federal contracts requiring CMMC certification. They also needed to maintain their existing domain and email addresses; migrating everyone to GCC High would have been both costly and disruptive to their overall business.

GTSC’s CMMC Journey with PreVeil

Strategy

After consulting with their CMMC advisor (and PreVeil Preferred Partner) BDO, GTSC made the decision to deploy an enclave approach using PreVeil as their secure communications platform. They achieved considerable cost savings vs. moving the whole organization to GCC High, kept their existing domain, and deployed quickly with minimal disruption.

Implementation Process

Phase 1: Deploy PreVeil

Installed PreVeil’s secure email and file sharing on designated endpoints and began documentation process with BDO consultants

Phase 2: Secure Endpoints

Recognized that CUI-handling endpoints needed comprehensive security controls so they set up mobile device management (MDM) and implemented endpoint protection

Phase 3: Connect SIEM (Security Information and Event Management)

Determined that a SIEM solution was necessary for compliance so implemented one and connected it using PreVeil’s SIEM connector, enabling monitoring and alerting for the relevant CMMC controls

Phase 4: Assessment

First, conducted a mock assessment with BDO, which proved very valuable; then refined documentation based on the findings. GTSC worked with Cybersec Investments as their C3PAO and successfully passed assessment with a perfect 110 score

Key PreVeil Advantages for CMMC

GTSC’s success demonstrates how PreVeil delivers exceptional value for organizations seeking CMMC compliance:

Affordability

PreVeil provided an economical solution to ensure GTSC could protect CUI with minimal additional infrastructure investment

Business Continuity

Maintained existing domain and email addresses with no disruption to day-to-day business operations

Rapid Implementation

Quickly established a secure CUI environment and achieved full CMMC compliance with 6 months of focused implementation

Comprehensive Documentation

PreVeil’s shared responsibility matrix clearly defined which security controls were PreVeil’s responsibility versus the client’s responsibility

Excellent Support

Support team assisted with onboarding and SIEM integration and the compliance team provided guidance on the implementation of security controls

Integrations

PreVeil seamlessly connected with Microsoft 365 commercial environment and alerting system for security monitoring

Business Growth

Now positioned to bid on larger projects requiring CMMC certification

Technology Stack

  • PreVeil for secure email and file sharing
  • Microsoft 365 Commercial suite
    • Endpoint management
    • Endpoint threat protection
    • Identity management
    • SIEM solution integrated using PreVeil SIEM Connector

5 Key Learnings & Recommendations

Drawing from GTSC’s successful journey, here are their top recommendations for organizations pursuing CMMC certification with PreVeil:

  1. Deploy an enclave approach to limit scope, saving money & time
  2. Plan for endpoint security from day one
  3. Implement a SIEM
  4. Lock down printing & ensure downloads go to secure PreVeil folders
  5. Leverage mock assessments 

Conclusion

GTSC’s achievement of CMMC with a perfect 110 score demonstrates the power of PreVeil’s proven solution. Their enclave approach avoided a costly & disruptive GCC High migration while positioning GTSC to compete for future contracts that include the CMMC certification requirement. Their success further validates PreVeil’s simple and affordable CMMC solution, trusted by thousands of defense contractors seeking competitive advantage in the federal marketplace.