The Process

How the Cavalry Enclave™ Works

A clear, structured approach to handling Controlled Unclassified Information (CUI) using a purpose-built Microsoft GCC / GCC High environment. One goal: define where CUI lives and control how it is accessed.

A Simple Concept, Executed with Intention

Rather than securing an entire business environment, the Enclave establishes a dedicated, controlled space for sensitive work. Here's how it comes together.

1. Establish a Dedicated CUI Environment

The Cavalry Enclave™ is deployed as a separate Microsoft GCC or GCC High environment dedicated entirely to CUI. General business operations remain outside the enclave and are not impacted.

  • Separates CUI from non-CUI systems completely
  • Limits which systems fall under CMMC scope
  • Creates a clear system definition for documentation and assessment

2. Apply a Consistent Security Baseline

The enclave is built using a standardized, hardened baseline aligned with CMMC Level 2 technical requirements. The enclave is intentionally not customized — consistency is what makes it defensible.

  • Controlled identities and access
  • Hardened configurations across all clients
  • Centralized logging and monitoring

3. Enforce How Users Access CUI

Users access the enclave through Cavalry Scout™, a locked-down virtual desktop access (VDA) browser. Rather than relying on user judgment, access is technically enforced.

  • Access occurs only through approved paths
  • CUI is not stored on local devices
  • File movement and clipboard behavior are controlled

4. Perform Sensitive Work Inside the Enclave

Once inside the enclave, users perform CUI-related work using approved tools and workflows. All CUI remains inside the enclave boundary.

  • Document creation, review, and secure collaboration
  • Access to approved applications and government portals
  • Secure storage and management of CUI data

5. Maintain a Defensible Operating Environment

Security Cavalry continuously maintains the Cavalry Enclave™ to ensure configurations remain consistent, access remains controlled, and system behavior is predictable — supporting long-term audit readiness without constant redesign.

  • Monthly monitoring and maintenance included
  • Ongoing compliance tasks with evidence gathering
  • Security Cavalry supports you through C3PAO assessments

How the Enclave Simplifies CMMC

Because the enclave defines a clear CUI boundary, assessors can readily understand what is in scope, how access is controlled, and where CUI is stored.

Scope CMMC Controls to the Enclave

Controls apply to the enclave — not your entire business. Fewer systems, fewer devices, fewer people in scope means a more manageable compliance posture.

Focus Evidence Collection

When you know exactly where CUI lives, evidence gathering becomes simpler. Your SSP and POA&M documentation become clearer and more defensible.

Simplify the Assessment Process

A well-defined enclave typically allows C3PAO assessments to be conducted remotely, more quickly, and at lower cost than assessing an entire mixed-use environment.

Reduce Ambiguity During Assessment

Assessors look for defined system boundaries, controlled access, consistent configurations, and clear documentation. The enclave approach aligns naturally with those expectations.

What the Enclave Approach Helps You Avoid

Without a clear CUI boundary, organizations face costly and complex challenges that make CMMC compliance feel impossible.

  • Securing every device and system across the company
  • Mixing CUI with general business data on the same systems
  • Uncontrolled access paths that are hard to document
  • Excessive scope expansion that drives up cost and complexity
  • Custom security architectures that are difficult to defend
  • The hidden scope bomb of printing and storing CUI on-premises

What the Enclave Does Not Do

The Enclave provides a secure operating environment — not compliance documentation or assessment services.

  • It does not replace your general business IT environment
  • It does not act as a compliance consulting or documentation service
  • It does not guarantee certification outcomes — no vendor can
  • It does not remove the need for policies, procedures, and governance

See the Enclave in Context

If you want to understand how a controlled enclave approach fits into your organization, we can walk you through the model step by step.
