Frequently Asked Questions
Clear answers about Security Cavalry, the Cavalry Enclave™, compliance scope, and how we work with your organization.
About Security Cavalry
Security Cavalry provides a purpose-built Microsoft GCC / GCC High secure enclave designed specifically for handling Controlled Unclassified Information (CUI). Our focus is delivering a controlled operating environment — not consulting or assessments.
No. Security Cavalry is a productized platform provider, not a cybersecurity consulting firm. We do not design custom security architectures, perform audits, or provide generalized security consulting. We build and maintain a specific, repeatable secure environment.
No. No vendor can guarantee certification. Security Cavalry provides a secure, defensible operating environment that supports CMMC Level 2 technical requirements by design — but certification outcomes depend on organizational policies, procedures, and assessment results.
That said, our team has supported clients through successful Level 2 assessments, including certifications achieved with perfect assessment scores.
Compliance Questions
The Cavalry Enclave™ helps simplify and support compliance, but it does not by itself make an organization compliant. CMMC also requires policies and procedures, governance and documentation, and training and accountability. These elements are handled separately through compliance guidance.
Yes. One of the primary benefits of the Cavalry Enclave™ is scope reduction. By defining a dedicated CUI-only environment, organizations can limit which systems, users, and processes fall under CMMC scope. This keeps CUI in the cloud only, avoids the hidden scope bomb of on-premise CUI handling, and dramatically reduces the systems your assessor needs to evaluate.
Yes. The enclave model is designed to be clear, explainable, and defensible. Assessors typically look for defined system boundaries, controlled access, consistent configurations, and clear documentation. The enclave approach aligns naturally with those expectations.
Security Cavalry is there handling the assessment with you and is able to answer a majority of the questions that don't pertain to company policies and procedures.
Architecture & Access
No. The Cavalry Enclave™ uses a standardized architecture and security baseline. This consistency is intentional — it improves security, simplifies operations, and strengthens defensibility during assessment.
Your general business IT systems remain outside the enclave. The Cavalry Enclave™ is used only for CUI-related work. Day-to-day business operations are not disrupted. Your existing MSP, internal IT team, or other providers continue to manage your standard environment.
Users access the enclave through Cavalry Scout™, a locked-down virtual desktop access (VDA) browser that controls access paths and prevents local data spillage. Users can remote into the enclave with an iPad or computer and view CUI through a digital medium.
Inside the enclave, users can download from trusted government portals, store CUI securely in Azure's FedRAMP-authorized cloud, process CUI using authorized Microsoft GCC services, share externally via whitelisted domains, and send/receive encrypted email with authorized domains.
Limitations exist by design: users cannot print CUI and cannot download CUI onto local machines. These restrictions are what make the enclave defensible.
Management & Support
Security Cavalry manages the enclave platform and baseline configurations, including monthly monitoring and maintenance, ongoing compliance tasks with evidence gathering, and ongoing support. Organizations remain responsible for user authorization decisions, policies and procedures, and training and compliance governance.
No. Security Cavalry operates independently alongside your existing providers. You may continue using your internal IT team, an existing MSP, or any other provider. There is no required bundling. The enclave is a compartmentalized add-on to your existing workflows.
This is one of the most common situations we see. When an MSP has access to systems that handle CUI, they become in scope for Level 2 requirements — which means switching out toolsets, equipment, and processes. That's costly and disruptive.
The Cavalry Enclave™ solves this. Your MSP can present it as a solution to their client, continue handling typical MSP services for non-CUI systems, and avoid having to meet all Level 2 requirements themselves. Everyone keeps their existing relationship.
Contract & Pricing
Yes. Security Cavalry can be purchased independently. There is no requirement to purchase compliance consulting, managed IT services, or other bundled offerings. Each engagement is separately scoped and contracted.
The Cavalry Enclave™ & Cavalry Scout™ engagement includes enclave and access design, enclave and access buildout, a body of evidence for third-party assessment, administrative documentation and evidence, monthly monitoring and maintenance, ongoing compliance tasks with evidence gathering, and ongoing support.
Microsoft licensing (GCC / GCC High), Azure environment resource costs, and the C3PAO assessment itself are not included and are handled separately.
Yes. Many organizations start with the enclave and later engage compliance support as needed. Security Cavalry does not restrict which compliance provider you use.
If You Remember One Thing
Security Cavalry does not sell compliance or consulting. We deliver a controlled, auditable environment that makes compliance simpler, smaller, and more defensible.
Still Have Questions?
We'd rather answer your questions directly than have you guess. Let's talk about whether an enclave approach makes sense for your organization.
Schedule a Discussion