Defense contractors understand the need to secure Controlled Unclassified Information (CUI) throughout its lifecycle. While email and file sharing solutions like PreVeil provide robust protection for data in transit and storage, securing the endpoints that access this data—your laptops, desktops, and mobile devices—is equally critical for CMMC compliance.
The good news? Implementing strong endpoint security is straightforward, and you likely already have the necessary tools at your disposal to protect the CUI that touches your endpoints. In this blog, we’ll walk through a practical example of how to configure your endpoint security tools to meet CMMC & NIST 800-171 requirements effectively and efficiently.
Endpoint Requirements: A Universal Need
Even if your organization uses GCC High or a Virtual Desktop Infrastructure (VDI), implementing endpoint security controls remains essential. While VDIs reduce the need to secure multiple endpoints, the virtual environment in use still requires protection. The good news is that achieving CMMC compliance doesn’t require such costly solutions. PreVeil, in combination with proper configuration of existing security tools, is a proven path that over 15 defense contractors have used to achieve CMMC compliance with perfect 110 scores on DoD assessments.
Getting Started
Organizations must first deploy a basic productivity suite to their computers – the good news is you likely already have this in place. Most PreVeil customers use Microsoft 365 Business Standard or Business Premium to provide this essential structure. However, it’s important to recognize that these are foundational packages—additional security measures (detailed below) are required to fully meet CMMC endpoint security requirements.
Note that since Microsoft offers many productivity suite packages, organizations should review their existing subscriptions to determine whether they already include the security solutions noted below before making new purchases.
Essential Endpoint Security Measures
Once a productivity suite is in place, the next step is to implement critical security controls, including Multi-Factor Authentication (MFA), Data Loss Prevention (DLP), and advanced antivirus protection.
Multiple solutions can provide these protections; read this blog for all approved vendors.
This blog assumes the technology build of a typical defense contractor who is relying on Microsoft 365 Business Standard. They chose Microsoft Defender for Endpoint P2 (included with many packages) and Microsoft Enterprise Mobility and Security packages to manage their endpoint protection.
Below, we outline the key endpoint security requirements of NIST 800-171 and CMMC, along with the corresponding solution deployed from Microsoft Defender and Microsoft Enterprise. Note that the chart below describes only security measures for endpoints that touch CUI.
Sample Endpoint Security Solutions
The following shows one possible way to protect endpoints compliantly, using solutions deployed from Microsoft Commercial Azure Cloud.
Simplifying Endpoint & CMMC Compliance with PreVeil
Organizations still face the challenge of correctly configuring the solutions listed above to ensure they meet compliance requirements and that the solutions integrate with one another.
That’s why PreVeil created a new Compliant Endpoint Configuration module, the latest addition to our Compliance Accelerator.
This module includes detailed step-by-step instructions, screenshots, and videos on how to correctly configure your technologies.
For example, to enable Multifactor Authentication (MFA) in BitLocker, the Compliant Endpoint Configuration module instructs users to:

And this level of detailed instruction is available for each aspect of endpoint protection required by CMMC. With this level of instruction, you can save your team hundreds of hours and ensure you are correctly deploying your endpoint protection.
Conclusion
Securing your endpoints is a crucial step in achieving full compliance after deploying PreVeil or any other email/file sharing solution. The Compliant Endpoint Configuration module in our Compliance Accelerator vastly simplifies the process, saving you thousands of dollars and cutting your preparation time in half.
Having the PreVeil Compliance Accelerator package is what made compliance and documentation not as big of a burden. We got a top-notch Shared Responsibility Matrix and System Security Plan from PreVeil that we used as our base. … And that covered a lot of our work. – Jonathan Kelley, VP @ Select Group
To learn more about our Endpoint module and Compliance Accelerator, contact our sales team at sales@preveil.com. If you are a current PreVeil customer, contact your customer success representative.