We are a small defense contractor. These days literally every email DLA sends in regards to quotes, etc are marked as CUI. It could literally be:

"CUI

​

Hi Mr. X. Can you quote this NSN - xxxx-xx-xxx-xxxx? Thank you.

​

CUI"

​

Based on that, we do believe we need to be CMMC level 2. We're a 4 (soon to be 6) person company with revenue in the $10M range. Do these emails really need to be sent encrypted? If so, our IT team is recommending that we use outlook inside a VDI with preveil and proofpoint. If an email with CUI comes in, we are being told that:

- we will receive an email telling us to go into proofpoint, open the email, and download it into preveil

- go into our preveil box, then we can bring it into our encrypted outlook box and then open it and reply to the email from there.

​

That seems REALLY "clunky" to me. Is there a more user friendly (and scalable - there' s no reasonable way we can scale this to 10-20 employees as we grow over the next couple years) way to do this? We were told that Microsoft GCC High might resolve this. From what I'm seeing the $700-1000/employee is no issue if it makes all of this seamless. We were led to believe by this IT team that the solution mentioned above was the only way to do this at a deployment cost of under $70-100K.

​

Any advice or guidance would be appreciated. If it matters, we're in the northern OH area. Thank you.