CMMC Compliance in Gmail with PreVeil

January 10, 2024

The Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) framework will become law by the end of 2024 and in contracts in Q1 2025, according to the DoD CIO.

Even before that, any defense contractors with Controlled Unclassified Information (CUI) in their contracts need to meet existing compliance requirements like DFARS 7012.

CMMC Level 2

CMMC Level 2 (advanced) applies to the 80,000 organizations that handle CUI. It aligns with the existing DFARS 7012 requirement by mandating that CUI be protected using the 110 controls defined in NIST SP 800-171.

Achieving CMMC Level 2 compliance with Google Workspace

Given its lack of cybersecurity controls, it is clear that Google Workspace is not CMMC compliant. But that doesn’t mean your company has to go through a time consuming or costly disruption to switch to another communication and collaboration service. Instead, there’s a more secure, easier, and less expensive path to CMMC compliance: PreVeil Email and Drive, which can be layered over Google Workspace.

PreVeil’s security architecture was built on Zero Trust principles, grounded in world-class end-to-end encryption. With PreVeil, email, files and data are never decrypted on any server anywhere. Even PreVeil’s servers can’t see your data. If attackers breach a server, all they will get is useless gibberish.

PreVeil provides end-to-end encryption for email and file sharing at a fraction of the cost of alternatives. PreVeil needs to be deployed only to your employees who handle CUI, whereas alternatives require deployment across an entire organization. And as explained below, PreVeil makes configuration and deployment simple and inexpensive, with no need to rip and replace your existing infrastructure. Your employees don’t even need to change their Gmail address.

PreVeil’s straightforward solutions also help you avoid expensive CMMC consultant engagements, which are par for the course for alternatives to CMMC compliance.

In short, you can continue to use Google Workspace and comply with CMMC requirements by leveraging technological advances that enable end-to-end encryption and other CMMC-mandated security controls.

PreVeil Email Integrates with Gmail

PreVeil Email, as demonstrated in the video below, lets your employees send and receive encrypted emails containing CUI using their existing Gmail address, all while maintaining CMMC Level 2 compliance. It integrates seamlessly with Gmail, and works on browsers and mobile devices. The installation process automatically creates a new set of mailboxes for your encrypted messages. Messages in these new mailboxes are encrypted and stored on PreVeil’s servers. There are no changes to the mailboxes already in your mail program and no impact on the servers that store your regular, unsecured messages.

PreVeil Email: Video demonstration

PreVeil Drive Integrates with Windows File Explorer + Mac Finder

PreVeil Drive, as demonstrated in the video below, enables end-to-end encrypted file sharing and storage of CUI that is CMMC Level 2 compliant. Users can access files stored on PreVeil Drive from any of their devices, or share files with other users who have the appropriate access permissions through PreVeil’s Trusted Communities. Unlike Google Drive which always has access to your data, only you and the people with whom you’ve explicitly shared files can decrypt them. PreVeil Drive is easy to use and automatically integrates with Windows File Explorer and Mac Finder and has no impact on your existing file servers. It’s available for Windows, Mac and, with PreVeil’s mobile app, for iPads and smartphones as well.

PreVeil Drive: Video demonstration

All DoD contractors, regardless of size, will soon need to comply with CMMC requirements. To help you do so, PreVeil leverages a fundamentally better security paradigm. But better security isn’t enough. If security is difficult to use, it won’t be used. To be effective, security must be as frictionless as possible. PreVeil was created with this principle in mind so that all your security objectives, including CMMC compliance, will be met.

PreVeil’s CMMC white paper -downloaded more than 5,000 times by defense contractors- presents detailed information on what your company needs to do to comply with CMMC and, likewise, work with the DoD. Our aim is to make that process as seamless and affordable as possible while providing unparalleled security.

To learn more about PreVeil and how your company can get started with CMMC compliance, contact us.

Author

Orlee Berlove, reviewed by Noël Vestal, PMP, CMMC RP

Noël Vestal is PreVeil's Compliance Officer and CMMC Certified Professional (CCP) with over 15 years in DoD IT program management. She implemented the NIST 800-171/CMMC Level 2 compliance program for an OSC member of the DIB. She has her M.S. in Information Technology and holds certifications from the CMMC Accreditation Body (CyberAB), Project Management Professional (PMP), and CompTIA’s Security + certification.

Orlee Berlove has been a marketing leader for over 25 years, and is currently the Senior Director of Marketing at PreVeil. She has her Masters of Engineering, Operations Research and her Bachelor of Arts from Cornell University.

Related Blog

See All Blog

November 12, 2024

6 Ways to Save Money on CMMC Costs

CMMC

October 25, 2024

Top Cybersecurity Events

October 17, 2024

The CMMC Final Rule is Published: What Contractors Need to Know

CMMC

PreVeil Enables CMMC Level 2 Compliance with Google Workspace

By: Orlee Berlove, reviewed by Noël Vestal, PMP, CMMC RP