About GTSC

GTSC is a large organization consisting of four smaller companies with hundreds of employees, but only a small subset handles Controlled Unclassified Information (CUI). This made using the PreVeil enclave the perfect solution for protecting sensitive data while allowing the organization to continue operating as usual.

The Challenge

GTSC faced several significant challenges on their path to CMMC compliance: First, they wanted to get ahead of other companies competing for C3PAO assessments and to position themselves to be ready to bid on federal contracts requiring CMMC certification. They also needed to maintain their existing domain and email addresses; migrating everyone to GCC High would have been both costly and disruptive to their overall business.

GTSC’s CMMC Journey with PreVeil

Strategy

After consulting with their CMMC advisor (and PreVeil Preferred Partner) BDO, GTSC made the decision to deploy an enclave approach using PreVeil as their secure communications platform. They achieved considerable cost savings vs. moving the whole organization to GCC High, kept their existing domain, and deployed quickly with minimal disruption.

Implementation Process

Installed PreVeil’s secure email and file sharing on designated endpoints and began documentation process with BDO consultants

Recognized that CUI-handling endpoints needed comprehensive security controls so they set up mobile device management (MDM) and implemented endpoint protection

Determined that a SIEM solution was necessary for compliance so implemented one and connected it using PreVeil’s SIEM connector, enabling monitoring and alerting for the relevant CMMC controls

First, conducted a mock assessment with BDO, which proved very valuable; then refined documentation based on the findings. GTSC worked with Cybersec Investments as their C3PAO and successfully passed assessment with a perfect 110 score

Key PreVeil Advantages for CMMC

GTSC’s success demonstrates how PreVeil delivers exceptional value for organizations seeking CMMC compliance:

PreVeil provided an economical solution to ensure GTSC could protect CUI with minimal additional infrastructure investment

Maintained existing domain and email addresses with no disruption to day-to-day business operations

Quickly established a secure CUI environment and achieved full CMMC compliance with 6 months of focused implementation

PreVeil’s shared responsibility matrix clearly defined which security controls were PreVeil’s responsibility versus the client’s responsibility

Support team assisted with onboarding and SIEM integration and the compliance team provided guidance on the implementation of security controls

PreVeil seamlessly connected with Microsoft 365 commercial environment and alerting system for security monitoring

Now positioned to bid on larger projects requiring CMMC certification

Technology Stack

  • PreVeil for secure email and file sharing
  • Microsoft 365 Commercial suite
    • Endpoint management
    • Endpoint threat protection
    • Identity management
    • SIEM solution integrated using PreVeil SIEM Connector

5 Key Learnings & Recommendations

Drawing from GTSC’s successful journey, here are their top recommendations for organizations pursuing CMMC certification with PreVeil:

  1. Deploy an enclave approach to limit scope, saving money & time
  2. Plan for endpoint security from day one
  3. Implement a SIEM
  4. Lock down printing & ensure downloads go to secure PreVeil folders
  5. Leverage mock assessments 

Conclusion

GTSC’s achievement of CMMC with a perfect 110 score demonstrates the power of PreVeil’s proven solution. Their enclave approach avoided a costly & disruptive GCC High migration while positioning GTSC to compete for future contracts that include the CMMC certification requirement. Their success further validates PreVeil’s simple and affordable CMMC solution, trusted by thousands of defense contractors seeking competitive advantage in the federal marketplace.