“We never would have been able to achieve an SPRS score in November of 2020 without the guidance of IMEC and Alpine Security. We had no clue how to proceed when we learned of the DFARS requirement. IMEC and Alpine Security were able to educate us in a language we understood.”
Success in Operations
99% of Midwest Aero Support, Inc. (MAS)’ manufacturing business is conducted directly or indirectly with the government. When the Department of Defense mandated that all government contractors and their subcontractors become compliant with DFARS 252.204-7012 security requirements in accordance with NIST 800-171 by the end of 2020, Midwest Aero began the process.
In late 2019, Brent Johnson, President of MAS, and his team sat down with IMEC to discuss their needs and learn the different phases and requirements to achieve compliance to continue doing business with DoD contractors. IMEC then introduced and facilitated a relationship between MAS and Alpine Security, a Cerberus Sentinel company, who would guide them through the cybersecurity compliance process.
MAS started the journey to compliance in early March 2020, right before COVID-19 shook the world. Of course, there were challenges due to the pandemic, but with necessary adjustments and their commitment to quality and excellence, they pressed on. After having to start and stop periodically, on October 26, 2020 Alpine Security presented MAS with a Letter of Attestation, which serves as an external tool to communicate proof that a security assessment was performed. They were then able to successfully submit their self-assessment score into the Supplier Performance Risk System (SPRS) on November 18, ahead of the November 31, 2020 deadline. This was the first step to verifying compliance, and once this goal was met, “it was a very rewarding experience” for Johnson and his team. He shares: “Alpine Security has since performed two vulnerability scans which indicated our security system is working. We still have ongoing remediation efforts required to achieve full compliance, but we are well on schedule toward this goal.”
It was a team effort, to say the least, for MAS to progress as successfully as they have. Johnson states that “because so much of the scope involved securing and controlling digital data and documents, we needed extensive involvement from our outside IT contractor. The project was managed and kept on target by Dean Harms and his IMEC team.”
Submitting their score to SPRS benefits MAS in several ways. Not only does it verify they are on the path to Cybersecurity Maturity Model Certification (CMMC) compliance, which builds off the NIST 800-171 requirements, it serves as an effective marketing tool to secure additional government contracts, and it gives MAS a competitive advantage over their competitors. Maintaining compliance is now ingrained in their culture - the current staff has been trained and educated on the importance of protecting Controlled Unclassified Information (CUI), and it is now part of the standard training for new employees.
Although there were several inconveniences and some staff had challenges adjusting to the new standards, everyone eventually got on board to ensure that MAS remains compliant. “All CUI digital and printed data is organized and stored in one central location with limited access to select individuals. Procedures are in place for non-authorized staff to request the data necessary to their job functions. We are now able to retain jobs and grow our business locally which will be a benefit to our community.” Thanks to Johnson and his team’s commitment to achieving their compliance goal, expert support from IMEC, and the guidance from Alpine Security, Midwest Aero Support is now up to standards with DoD security requirements, and their success positively impacts the community.
- Anticipated New Sales: $600,000
- Anticipated Retained Sales: $412,000
- 7 New or Retained Jobs