Defense contractor GTSC successfully achieved CMMC compliance with a perfect 110 score in just 6 months using PreVeil and their existing commercial Microsoft 365 environment.

About GTSC

GTSC is a large organization consisting of four smaller companies with hundreds of employees, but only a small subset handles Controlled Unclassified Information (CUI). This made using the PreVeil enclave the perfect solution for protecting sensitive data while allowing the organization to continue operating as usual.

The Challenge

GTSC faced several significant challenges on their path to CMMC compliance:

  • They wanted to get ahead of other companies competing for C3PAO assessments and to position themselves to be ready to bid on federal contracts requiring CMMC certification.
  • They needed to maintain their existing domain and email addresses; migrating everyone to GCC High would therefore have been not only costly but also disruptive to their overall business plan.

GTSC’s CMMC Journey with PreVeil

Strategy

After consulting with their CMMC advisor (and PreVeil Preferred Partner) BDO, GTSC made the decision to deploy an enclave approach using PreVeil as their secure communications platform. They achieved considerable cost savings vs. moving the whole organization to GCC High, kept their existing domain, and deployed quickly with minimal disruption.

Implementation Process

  • Installed PreVeil on designated endpoints
  • Began documentation process with BDO consultants
  • Initially focused on PreVeil’s secure email and file sharing capabilities
  • Recognized that CUI-handling endpoints needed comprehensive security controls
  • Set up Mobile Device Management (MDM)
  • Implemented endpoint protection
  • Removed non-compliant applications like Zoom and remote support tools
  • Determined that a SIEM solution was necessary for compliance
  • Selected and implemented a SIEM solution
  • Connected PreVeil to SIEM using PreVeil’s SIEM connector
  • Enabled monitoring for the identified CMMC controls
  • Set up comprehensive alerting for security events
  • Conducted a mock assessment with BDO, which proved very valuable
  • Refined documentation based on mock assessment findings
  • Worked with Cybersec Investments as their C3PAO (CMMC Third Party Assessment Organization). The cost was a flat fee, which made budgeting for CMMC certification so much easier
  • Successfully passed assessment with a perfect 110 score

Key PreVeil Advantages for CMMC

GTSC’s success demonstrates how PreVeil delivers exceptional value for organizations seeking CMMC compliance:

  1. Affordability
    • PreVeil provided an economical solution to ensure GTSC could protect CUI
    • Minimal additional infrastructure investment
  2. Business Continuity
    • Maintained existing domain and email addresses
    • No disruption to day-to-day business operations
  3. Rapid Implementation
    • Quickly established a secure CUI environment
    • Achieved full CMMC compliance with 6 months of focused implementation
  4. Comprehensive Documentation
    • PreVeil’s shared responsibility matrix clearly defined which security controls were PreVeil’s responsibility versus the client’s responsibility
  5. Excellent Support
    • Support team assisted with onboarding and SIEM integration
    • The compliance team provided guidance on security controls implementation
  6. Integrations
    • PreVeil seamlessly connected with the Microsoft 365 commercial environment and the alerting system for security monitoring
  7. Business Growth
    • Now positioned to bid on larger projects requiring CMMC certification

Technology Stack

  • PreVeil for secure email and file sharing
  • Microsoft 365 Commercial suite
  • Endpoint management
  • Endpoint threat protection
  • SIEM solution integrated using PreVeil SIEM Connector
  • Identity management

5 Key Learnings & Recommendations

Drawing from GTSC’s successful journey, here are their top recommendations for organizations pursuing CMMC certification with PreVeil:

  1. Deploy an Enclave Approach to Limit Scope, Saving Money & Time
  2. Plan for Endpoint Security from Day One
  3. Implement a SIEM
  4. Lock Down Printing & Ensure Downloads go to Secure PreVeil Folders
  5. Leverage Mock Assessments 

Conclusion

GTSC’s achievement of CMMC with a perfect 110 score demonstrates the power of PreVeil’s proven solution. Their enclave approach avoided a costly & disruptive GCC High migration while positioning GTSC to compete for future contracts that include the CMMC certification requirement. Their success further validates PreVeil’s simple and affordable CMMC solution, trusted by thousands of defense contractors seeking competitive advantage in the federal marketplace.