Case Study – Overcoming CMMC, DoD & Production Challenges

This case study examines how we helped a machinery parts manufacturing shop meet CMMC requirements and improve its overall IT security posture. The shop has 85 employees and 30+ PC users spread between two locations in New Hampshire and Michigan. Due to the sensitive nature of these details, the client’s name is omitted.

Client Background

The client had an aging infrastructure and an internal IT person who was taking a band-aid approach to most tech issues. Their business had recently picked up due to increased demand for their products, and they had just landed a contract with the Department of Defense (DOD), increasing the compliance requirements they needed to meet.

Strategy and Tactics

We decided to start with a network and risk assessment so that we could help the client with these two specific needs:

  1. Deploying an application to support a new line of business
  2. Meeting compliance requirements to work with the DOD

Network Assessment

When we looked at the network, we discovered an aging infrastructure including outdated servers and PCs and site-to-site connectivity issues. Then, we contacted the new line-of-business vendor to see what was needed to support their application.

We came up with a budget and a timeline for the client to upgrade their network and invest in new servers, PCs, and backup storage devices. We also created a plan for managing these systems in the future, and we onboarded the client with our managed services and tools so they would have hardware updates, anti-virus, and other security services in place.

Security Assessment & CMMC

The DOD and the client’s other partners had very specific security and compliance requirements. To ensure our client was ready to meet these requirements, we assessed their security gaps and vulnerabilities against the NIST SP 800-171 and CMMC Level 2 frameworks.

We started with a 2-hour strategy session with the company’s management team to talk about how they handle their data and user access, both internally and externally. Then, we ran third-party internal and external vulnerability scans. After that, we sat down with the leadership team to talk about our findings and recommendations.

Together, we created a strategy that outlined the security tools and services they needed, and we drafted a roadmap and a budget to get the client in line with the DOD’s compliance requirements. We also worked out security policies covering password management, file access and permissions, remote access to the network, and backup processes.

To achieve this, we added the following security services:

  • Endpoint Detection and Response (EDR)
  • Security Information and Event Management (SIEM)
  • Multifactor Authentication (MFA)
  • Dark web and email compromise monitoring
  • Updated firewall with added security services
  • Managed Detection and Response (MDR)

All of these elements work together to create a more secure environment, and the MDR provided the client with outsourced 24/7/365 cybersecurity support.

Results/Outcomes

After our team implemented these changes, the client reaped the following benefits:

Up-to-date Network

Now, rather than limping along with an outdated network, they have an up-to-date network that’s fully scalable as their business grows. They have a long-term plan in place so they can budget for IT upgrades annually and gradually, instead of waiting 10 years and needing to deal with huge costs and operational impacts all at once.

Documentation Process

They now have a documentation process in place so they can prove they are compliant with the cybersecurity and technology requirements of the DOD and other clients.

Expanded Business Ability

The documentation process and the improved cybersecurity environment means this company now exceeds the requirements for doing business with the DOD, the military, and other government entities. Their commitment to security also makes them more competitive and better poised to gain contracts with other clients.

Enhanced Peace of Mind

Now that PCG is keeping an eye on the network and regularly reviewing security policies, the client has enhanced peace of mind. They don’t have to worry about cyber attacks or data breaches.

Increased Productivity

The 24/7 helpdesk provides support in under five minutes, allowing workers to avoid time-consuming tech delays. Our team also centralized the client’s network, which helped to improve productivity. In the past, the company’s two locations each had their own network, and if someone in Michigan needed to access data stored in New Hampshire, they had to email or call. Centralizing the network removed these inefficiencies.

Proactive Approach to IT

Rather than taking a ‘band-aid approach’ to IT, the client has adopted a proactive approach. We meet twice a year to talk about our vCIO/IT strategy and to make recommendations about their IT and security plans. This proactive approach minimizes unexpected issues and expenses.

How we make an ongoing difference

When working with this client, we don’t focus exclusively on IT. Instead, we ensure that the IT environment supports the business’s operations holistically. To that end, we collaborate with the client on their business goals and concerns, and offer our expertise on any and all issues, including websites, sales and marketing, human resources, employee resource management, hiring, and more.

If you want to improve your IT environment and position your manufacturing company for success, contact us today.