CUI Enclave & Trust Codex
CMMC 2.0 Level 2–aligned CUI handling and evidence readiness in under one week for small businesses — one system, one evidence story, one handoff to the C3PAO.
CMMC 2.0 Level 2–Aligned · 110 NIST 800-171 Controls · C3PAO-Ready Evidence
Why a clear CUI boundary matters
Government and DoD contracts increasingly require CMMC 2.0 Level 2 compliance. When CUI is scattered across laptops, shared drives, and email, your assessment scope is unbounded — and a failed C3PAO assessment is the result. The CUI Vault Enclave creates a single, defensible boundary. The Trust Codex maps every one of the 110 NIST SP 800-171 requirements to how that boundary satisfies them and exactly where the evidence lives.
CUI Vault Enclave (VM)
A single, contained environment where all Controlled Unclassified Information is stored and worked on — one clear boundary. No CUI on everyday laptops or file shares. Staff access CUI only by connecting into the vault via VPN and then RDP to a dedicated, hardened virtual machine. There is no public RDP, no USB mass storage, and no clipboard or drive redirection. Every session is logged and time-limited.
Trust Codex — CMMC Acceleration
MacTech's auditor-defensible, executive-readable, engineer-actionable manual for the CUI enclave. The Trust Codex maps all 110 NIST SP 800-171 Rev.2 requirements (CMMC 2.0 Level 2) to control strategy and evidence — so the vault is evidence-ready and assessor-friendly from day one. It ships with the enclave as a single deliverable.
What You Get
Everything required to stand up a defensible CUI enclave and walk into a C3PAO assessment with confidence.
Hardened Enclave VM
Windows Server 2025 Datacenter in Azure, Entra ID with MFA and conditional access, FIPS and TLS 1.2 enforced, no public RDP, no USB or clipboard redirection, RDP session limits (15-min idle, 5-min disconnect, 8-hour maximum).
Trust Codex Manual
Full control mapping for all 110 NIST SP 800-171 requirements across 14 domains, with per-control evidence type, artifact name, owner, location, retention period, and regeneration method.
Governance Bundle
Pre-built policies (MAC-POL series), procedures (MAC-SOP series), incident response plan, configuration management plan, CUI Enclave User Agreement, and MFA guide — all CMMC Level 2–aligned.
C3PAO-Ready Evidence Layout
Automated evidence collection and validation scripts, timestamped evidence bundles, PASS/FAIL validation reports, and a single offline CODEX_VIEWER.html deliverable so assessors can locate proof for any control in under two minutes.
Technical Stack
Built on proven, auditor-recognized technology — no proprietary lock-in.
| Component | Specification |
|---|---|
| Operating System | Windows Server 2025 Datacenter |
| Cloud Platform | Microsoft Azure (Commercial) |
| Identity & Access | Microsoft Entra ID (cloud-only), Entra-joined VMs, MFA, Conditional Access |
| Network Access | VPN required, then RDP to enclave VM only — no public RDP endpoint |
| Portable Media | USB mass storage disabled; clipboard and drive redirection disabled |
| Hardening Scripts | Invoke-CuiHardening.ps1 — idempotent, FIPS, TLS 1.2, LSA protection, ASR rules, session limits |
| Evidence Collection | Collect-Cui-Evidence.ps1 — timestamped bundles under C:\evidence\, 1-year retention baseline |
| Validation | Test-CuiHardening.ps1 — read-only PASS/FAIL + JSON report; required checks per control |
| Drift Detection | Drift Guard baseline + check scripts to detect configuration regressions |
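
A read-only PASS/FAIL check for the RDP session limits, redirection settings, and FIPS mode listed above can look like the following. This is an added example, not MacTech's Test-CuiHardening.ps1; it assumes the settings are applied as policy values under the standard Remote Desktop Services and LSA registry locations, and the check names are illustrative.

```powershell
# Added example (not MacTech's Test-CuiHardening.ps1). Read-only: queries the registry, changes nothing.
# Assumption: the settings are applied as policy values under the standard locations below.
$ts   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$fips = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$min  = 60 * 1000   # RDS session limits are stored in milliseconds

# Limits come from the page: 15-min idle, 5-min disconnect, 8-hour maximum.
$checks = @(
    @{ Name = 'Idle session limit (at most 15 min)';        Path = $ts;   Reg = 'MaxIdleTime';          Max  = 15 * $min }
    @{ Name = 'Disconnected session limit (at most 5 min)'; Path = $ts;   Reg = 'MaxDisconnectionTime'; Max  = 5 * $min }
    @{ Name = 'Maximum session length (at most 8 h)';       Path = $ts;   Reg = 'MaxConnectionTime';    Max  = 8 * 60 * $min }
    @{ Name = 'Clipboard redirection disabled';             Path = $ts;   Reg = 'fDisableClip';         Want = 1 }
    @{ Name = 'Drive redirection disabled';                 Path = $ts;   Reg = 'fDisableCdm';          Want = 1 }
    @{ Name = 'FIPS algorithm policy enabled';              Path = $fips; Reg = 'Enabled';              Want = 1 }
)

$results = foreach ($c in $checks) {
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Reg -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($c.Reg) } else { $null }

    if ($null -eq $actual) {
        $pass = $false                                       # not configured: nothing is enforced
    } elseif ($c.ContainsKey('Max')) {
        $pass = ($actual -gt 0) -and ($actual -le $c.Max)    # 0 means "never", so it fails
    } else {
        $pass = ($actual -eq $c.Want)
    }

    [pscustomobject]@{
        Check  = $c.Name
        Value  = $c.Reg
        Actual = if ($null -eq $actual) { 'not set' } else { $actual }
        Result = if ($pass) { 'PASS' } else { 'FAIL' }
    }
}

$results | Format-Table -AutoSize | Out-Host   # human-readable summary
$results | ConvertTo-Json                      # machine-readable report on stdout
if ($results.Result -contains 'FAIL') { exit 1 }
```

A missing value is reported as FAIL rather than skipped, because an unconfigured session limit means no limit is enforced.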
110 Controls. 14 Domains. One Evidence Story.
The Trust Codex covers every NIST SP 800-171 Rev.2 requirement across all 14 domains.
Class A Controls (~90 controls)
System-enforced — OS, identity, network, crypto, logging, and hardening. Evidence is technical and reproducible via scripts, configs, and validation reports.
Class B Controls (~20 controls)
Governance, policy, inherited, or not applicable — policies, SOPs, training records, cloud inheritance, or justified non-applicability.
CMMC 2.0 Level 2–aligned CUI enclave in under one week.
Pre-hardened VM. Pre-mapped 110 controls. Governance bundle included. Evidence runbook ready. Turnkey delivery.
Get CMMC-Ready in Under One Week
Start with a discovery call. We scope your program, recommend the right delivery path, and provide a proposal with clear deliverables and C3PAO-ready evidence.