The Challenge: Increased Regulatory Pressure + Security Gaps
LSI’s initial assessment score wasn’t surprising—but it was humbling. “We got a minus 71, but we had no idea what the scale even was,” recalled Dave Jackson, Director of Technology at LSI. “Being engineers, you’ve got to give me a scale before I can tell you if I’m good or bad.”
Urgency increased as LSI began pursuing DoD-adjacent opportunities, including work tied to the Army Corps of Engineers and national laboratories. By early 2025, CMMC language began appearing directly in RFPs, requiring bidders to enter a CMMC score as part of the proposal process.
With no updated assessment available, LSI submitted its existing -71. “Come to find out, we were probably the only ones that bid that even had a score,” Jackson said. “Minus 71 is better than not even being able to enter anything.” The question became: how can LSI deploy a compliant CUI enclave with minimal disruption to existing workflows?
The Solution: CUI Enclave + PreVeil-partnered MSSP
LSI adopted PreVeil as the foundation of its CUI enclave, deploying it alongside their existing Microsoft environment. This approach gave LSI a clear, auditable boundary for CUI handling without rearchitecting its infrastructure or changing how teams worked day to day.
By enforcing a PreVeil-only CUI intake policy and controlling how CUI flowed through their network, LSI sharply narrowed their assessment scope. PreVeil’s encrypted email and file sharing became the single, controlled path for CUI, simplifying both implementation and evidence collection.
LSI paired this scoped approach with PreVeil-preferred partner MAD Security as their MSSP. MAD provided readiness guidance, ongoing monitoring, and SOC support, ensuring controls were documented and consistently enforced in practice.
With scope disciplined, technology aligned, and partners working from a shared model, LSI entered its assessment with clarity and confidence—turning what could have been a complex compliance effort into a predictable, low-friction process.
Technology Stack:
- PreVeil: Secure email and file sharing; sole CUI intake path and core of the enclave
- Microsoft GCC: Existing tenant used for commercial and internal operations
- Meraki firewall: Reused from existing IT inventory for compliant networking
- Physical security controls: Locked cabinets, badge checks, visitor sign-in procedures
- MAD Security (MSSP): Continuous monitoring, log retention, and incident readiness
The Result: Smooth Assessment + Perfect Score
Final Score:
110/110
CMMC Level 2 Certification Score
With scope locked and PreVeil serving as the clear boundary for CUI, LSI focused on documentation and evidence alignment. Policies came first, followed by procedures and proof—screenshots, logs, and live demonstrations mapped directly to their SSP—backed by PreVeil’s Shared Responsibility Matrix (SRM).
When assessors from Sentar arrived, the benefits of strict scoping and a PreVeil-centered enclave were immediately apparent. Controls were reviewed sequentially, evidence was readily available, and on-site validation largely consisted of confirming that the enclave matched what had been documented.
“When we said it was PreVeil and this is how we receive our CUI, there wasn’t really a lot of other questions—they were familiar with all that.“
Marty Taylor
VP of Technology, LSI
LSI completed its CMMC assessment with a perfect 110/110 score, demonstrating how a narrowly scoped enclave—anchored by PreVeil and supported by experienced partners—can transform CMMC compliance from a complex undertaking into a manageable, repeatable process.
