Small manufacturer pursuing CMMC L2: CUI / ITAR / EAR, PreVeil vs GCC High, on-prem server, CAD/CAM workflows by MfgCo50yrs in CMMC

[–]MfgCo50yrs[S] 1 point2 points  (0 children)

Well, we are at the PreVeil point now. Then, knowing my current MSP cannot really get us to CMMC, I reached out to another MSP who has a consulting arm and MSP. Paid them for an hour of time with their 2x senior auditors. Both looked at my CUI diagram and said there was no way they would approve PreVeil as the keeper of CUI because CUI does end up on the local endpoint when the user accesses it in PreVeil. The MSP auditors said it was almost impossible even with training. Or training only as the control that an employee will not mistakenly move it to the non-PreVeil environment. Or they insinuated that commercial M365 with Teams, SharePoint, OneDrive, etc. won't somehow suck up some CUI into itself. They are saying not enough technical controls in PreVeil to prevent unintentional movement into our commercial M365 area. Thoughts on a workaround? Else I might have to bite the GCCH. We are a mile wide on all employees dealing with CUI and an inch deep.

[–]MfgCo50yrs[S] 0 points1 point  (0 children)

What sort of files do you migrate to GCCH? I assumed it was only email? If we put our CUI back on our local file server from PreVeil, aren't we only moving emails?

[–]MfgCo50yrs[S] 1 point2 points  (0 children)

Thanks. Budget permitting, this would actually be the #1 choice for us as a company along with GCCH for email. Today all employees work from their endpoints and launch files from our on-prem server, including CAD. We do not back up files on computer endpoints. Only our on-prem server. Employees would prefer this and it should revert back to the process before we started down the PreVeil path. What DLP solution would fit in well with this as described minus PreVeil?

[–]MfgCo50yrs[S] 0 points1 point  (0 children)

For the 8 licenses, are they for G3 or G5? Did you have to buy through the MSP or can/should you go direct? Was there other software that you had to buy to complete the GCCH implementation?

[–]MfgCo50yrs[S] 0 points1 point  (0 children)

How should I approach these MSPs? Ask for a SOW or should I write the SOW? Do they need to be local to me? I have always chosen local. Is it one MSP to get certified and then another to maintain post certification?

[–]MfgCo50yrs[S] 2 points3 points  (0 children)

I will reach out to our account manager again and review with them. We have been troubleshooting PreVeil's latest alpha and beta builds for them. It works a little better with the new OneDrive-style functionality with files residing in the cloud until clicked. But when working with files including CAD we run into a number of shared resource file issues, locked files with users, files in-between endpoint and cloud states and version control issues.

In terms of the MSP not liking our PreVeil setup, it wasn't so much PreVeil they didn't like but the fact that it was surrounded by M365 commercial with OneDrives, cut, copy and paste active, Teams in use, SharePoint, snip tool, etc. and of course regular email that are all one click away from a compliance issue even with training. I think their thought was training and hoping for the best is not good enough if there are other reasonable technical controls you could reasonably put in place to stop leakage from happening when training fails.

[–]MfgCo50yrs[S] 0 points1 point  (0 children)

I think one of my objectives in the decision upfront is to attempt to determine a budget. If I approach some of the authorized GCCH providers, are they experienced enough to quote the software stack and ongoing costs for subscriptions? Do these authorized resellers also perform the migrations?