Government Cracking Down on Regulatory Compliance for DOD Contractors

CM MANUFACTURING INC.

CM Manufacturing Inc. has been in business since 1984 and has been located in Missoula since 1997. Owner Ken Johnson has been in the aerospace industry for over 20 years. CM Manufacturing, Inc. works on a daily basis with extensive non-destructive testing requirements and with chrome-plated, cadmium-plated, and painted parts, and is accustomed to working with all the major aircraft manufacturers’ specifications. You can count on CM Manufacturing for all of your precision machining needs.

Industry: Manufacturing
Company Size: 30 Employees
Location: Missoula, MT

THE CHALLENGE

Manufacturers that want to retain their DoD, GSA, NASA and other federal and state agency contracts need to have a plan that meets the requirements of NIST SP 800-171. 

The reason behind these regulations is to prevent controlled unclassified information from falling into the wrong hands. According to the 2018 Data Breach Investigations Report by Verizon, public sector entities such as government organizations accounted for 14% of breach victims. In addition, the manufacturing industry, which contracts with the DoD to produce everything from missiles and other weapons to airplanes and computer systems, was also greatly impacted by breaches.  

One of the first steps manufacturers need to take is to identify where gaps exist that prevent them from being compliant with Defense Federal Acquisition Regulation Supplement (DFARS) and NIST SP 800-171.

Retain Federal and State Agency Contracts

Industry at HIGH Risk

Identify Gaps, Plan, and Execute

Maintain Compliance with DFARS and NIST SP 800-171

THE SOLUTION

First Call worked collaboratively with CM Manufacturing on a year-long project to bridge the gaps and vulnerabilities found during a NIST Cybersecurity audit. A project of this scope comes with a lot of change. Our solution was a multi-phase project aimed at aligning business operations with NIST guidelines and compliance regulation while managing change for staff. Each quarter we methodically planned our work, worked our plan, and moved the proverbial bar closer and closer toward regulatory compliance.

Projects Implemented at CM Manufacturing include:

New Server Implementation

Implementation of NIST 800 Compliant Spam Filter

Hard Drive Encryption on Servers and Workstations

Multi-Factor Authentication

Migration from On-Premise Exchange (email) to Office 365 Hosted Exchange (email)

Hybrid Backup Solution with Local Backups and Cloud Replication

NIST-800 is a cybersecurity compliance requirement for DOD contractors which is very involved. CM and First Call worked out a project timeline in order to become compliant. I am pleased with the project timeline as well as First Call taking the lead and moving this project to completion. CM does not have the time nor the expertise to manage a project such as NIST-800. In today’s cyber threat world it is imperative that organizations implement a standard that mitigates the risk of cyber-attacks. One has to be proactive to these threats as being reactive can create serious threats to the operational success of the organization.

Ken Johnson

President, CM Manufacturing Inc.

THE RESULTS

A better way to manage cybersecurity risk by organizing information, enabling risk management decisions, addressing threats, and learning from previous activities

Operations that align with the requirements of NIST SP 800-171 

Remediation of any gaps that existed preventing compliance with DFARS 

Management of change to minimize the impact on staff and operations during project delivery 

A happy client
