Securing the Defense Supply Chain: How Lions Services Achieved CMMC Compliance and Seamless Linux Integration with Virtru

The Result

•  A browser-based, FedRAMP-authorized encryption solution that seamlessly supports Lions Services' highly secure, pure-Linux network architecture. 
• Protects and controls CUI shared with external vendors and the DoD, aligned with rigorous CMMC compliance and FIPS encryption standards.
• Streamlines access permissions and audit logs through a frictionless integration with the organization's existing on-premise Active Directory and SAML-based MFA.

Lions Services is a non-profit defense manufacturer and a proud affiliate of National Industries for the Blind (NIB). Operating under the Javits-Wagner-O'Day (JWOD) Act, the organization has a 91-year history of providing essential manufacturing support to the Department of Defense (DoD) while empowering the visually impaired workforce. As a key player in the DoD supply chain, Lions Services frequently handles highly sensitive technical data, including Controlled Unclassified Information (CUI), Federal Contract Information (FCI), and Controlled Technical Information (CTI). Led by Director of IT Scott Kirk, the organization recognized the critical need to modernize its IT infrastructure to meet strict Cybersecurity Maturity Model Certification (CMMC) requirements, ensuring defense data remained secure and compliant across their network.

The Selection Process: Seeking Flexibility and FedRAMP Authorization

To safeguard sensitive technical data, Lions Services initially adopted PreVeil to manage encrypted communications. However, critical operational limitations soon emerged. A massive update failure corrupted the vast majority of local installations, leading to a widespread loss of encryption keys and a painstaking, management-level recovery process that disrupted workflows. 

The defining catalyst for change occurred when Lions Services upgraded its security architecture to a highly secure, pure-Linux enclave. PreVeil’s client was strictly limited to Windows and Mac platforms. "I assumed that since they offered web access on Windows, it would carry over to Linux — but it never would. That was the end of the conversation," Kirk explained. "I couldn’t get it to work... the guy was polite and basically told me it was never going to work."

Needing an immediate, CMMC-compliant replacement, Kirk discovered Virtru. Virtru stood out immediately due to a highly responsive team, browser-based accessibility, and FedRAMP authorization — a crucial component for defense contractors. Virtru also provided the vital capability to revoke file access, ensuring external vendors couldn't mishandle CUI. Additionally, the Virtru Private Keystore addressed a unique compliance nuance for Kirk, allowing his team to manage their own encryption keys to ensure that no third party could decrypt CUI upon government request without Lions Services' knowledge, thus maintaining their contractual obligation to protect the data.

Deployment and Experience: Frictionless Integration

Deploying Virtru within Lions Services’ on-premises, Linux-heavy environment was a remarkably smooth experience. Because Virtru Secure Share is browser-agnostic, it fits perfectly into the organization's isolated physical workstations, allowing purchasing officers and other staff to securely transmit CUI to suppliers without compatibility roadblocks. For non-Linux users in HR and finance, Virtru’s seamless Outlook integration provided familiar, robust protection without altering their daily habits. 

The backend implementation was equally frictionless. Virtru integrated flawlessly with Lions Services' on-premise Active Directory and SAML-based Multi-Factor Authentication (MFA). "It was one of the easiest experiences," Kirk noted. "Slap the certificates in, open up the ports that were needed... Suddenly, we don't have to worry about how to collect logs and get them into our SIEM."

By connecting straight into existing systems, Virtru allowed Lions Services to automate their audit log collection effortlessly. This architectural flexibility not only solved their immediate operating system compatibility issues but also future-proofed the organization’s overall IT strategy. "Having platforms that are agnostic to the underlying OS are becoming increasingly important in our decision-making," Kirk emphasized. "I don't like getting painted into a corner, because two, three, four years down the road, it always comes back to bite you."

Value and Business Process Improvement

Ultimately, Virtru has become an integral asset in Lions Services’ journey toward full CMMC compliance. As the organization navigates the rigorous, multi-phase audits required by their C3PAO (Certified Third-Party Assessment Organization), Virtru provides peace of mind through its FedRAMP authorization, FIPS 140-2/140-3 encryption capabilities, and granular data controls. 

Virtru has completely transformed the way Lions Services shares and tracks defense data. Purchasing officers can now securely send highly sensitive specs to external suppliers with the confidence that the data is protected by Virtru’s Secure Reader and access revocation features. "We need it encrypted... The trick there is we also need to control what the vendor does with it," Kirk explained. "We don't want them printing it out and throwing it out on their floor, because suddenly that's a leak of the CUI."

By replacing an inflexible, OS-restricted platform with Virtru’s versatile, browser-based solution, Lions Services dramatically reduced their attack surface and simplified their compliance workflows. With Virtru safeguarding their external communications, the IT team at Lions Services can focus less on troubleshooting software and more on fulfilling their vital mission of supporting the Department of Defense.