Infinity Fuel Cell Establishes Cybersecurity Compliance for Government Contracts
Established in 2002, Infinity Fuel Cell and Hydrogen leverages its years of military and space fuel experience designing the next generation of air-independent fuel cells and regenerative fuel cells. With support from NASA and other U.S. government agencies, Infinity has achieved key breakthroughs in fuel cell design that have simplified the complexity of these systems and significantly improved performance and reliability.
Infinity Fuel is primarily focused on the aerospace and defense markets, providing technology to Unmanned Aerial Vehicles, Autonomous Underwater Vehicles, and Space programs. As a key manufacturer for NASA and military applications, cybersecurity compliance is of paramount importance.
Evolving Cybersecurity Landscape
The defense industry and commercial businesses are increasingly concerned about cybersecurity. In most cases, to qualify as a contractor for government contracts, adherence to established cybersecurity standards is a requirement.
Given the amount of work Infinity Fuel conducts with NASA and the federal government, the company was obligated to conform to cybersecurity requirements. To help them fulfill their cyber compliance, Infinity partnered with CONNSTEP, the Manufacturer Extension Partnership (MEP) representative in Connecticut.
Initiating the Compliance Process
As a government contractor, Infinity Fuel Cell and Hydrogen must comply with Defense Federal Acquisition Regulation Supplement (DFARS) requirements that all companies doing business with the U.S. Department of Defense (DoD) safeguard sensitive defense-related data and report cybersecurity incidents. Adequate security includes implementing the requirements of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.
Infinity needed to complete a system assessment, implement new policies, conduct staff training, and strengthen their Information Technology (IT) hardware and software configurations.
In order to improve the safeguards of defense-related data, CONNSTEP collaborated with Infinity Fuel to:
- Perform a gap analysis to NIST SP 800-171 requirements
- Create a Plan of Action (POA)
- Customize policies and procedures
- Define milestones in the POA
- Create a System Security Plan (SSP)
- Create an Incident Response Plan (IRP)
- Train employees on new policies and procedures
Infinity’s implementation of NIST SP 800-171 controls is a key step towards the development of a sustainable Cybersecurity Maturity Model Certification (CMMC) program.
Compliance with DoD cybersecurity measures was well-documented by Infinity management with guidance and assistance by CONNSTEP.
Specifically, CONNSTEP conducted an assessment of Infinity’s understanding of the DFARS and NIST SP 800-171 requirements. The effectiveness of security controls was evaluated and any gaps in the performance of these controls were identified as they related to NIST SP 800-171 and delivered in a report.
With findings from the gap analysis report, a Plan of Action was created with risk prioritization. It included policies and procedures structured to help Infinity achieve compliance with DFARS 252.204-7012 and NIST SP 800-171 cybersecurity protocols and requirements.
The Infinity Fuel team and their IT resources worked with CONNSTEP on an SSP and IRP for the company. Infinity’s System Security Plan contains their:
- Cybersecurity assessments
- Network and interconnection diagrams
- Plan of Action information
- Policies and procedures for NIST SP 800-171 compliance
The Incident Response Plan developed by the Infinity team prescribes timely and protective procedures for employees to handle cyber incidents at the company and their IT network, necessary to be compliant with NIST SP 800-171.
Infinity Fuel management has taken the necessary steps and followed the processes required to achieve compliance in good standing as a contractor for federal government programs.
Next Steps
Infinity management will train their employees on policies and procedures to ensure cybersecurity compliance at all levels of the company.
In addition, CONNSTEP will assist Infinity Fuel in development of a sustainable CMMC program, building on their implementation of NIST SP 800-171 controls. The program provides assurance to the DoD that Infinity has the ability to meet cybersecurity requirements and manage information risk.
Thanks to CONNSTEP the compliance process was not as overwhelming as it could have been. They helped us not to overwork or over engineer things that we already had in place. They also kept us focused and provided good guidance. It’s an ongoing process which we are better prepared for now.
Related Items
Often basic housekeeping is overlooked in favor of “productivity.” This is a common practice but one that costs you over the long run. Putting a basic 5S program in place is inexpensive and yields a great return on your (small) investment.
Continuous Improvement Champion Certification (CICC)
This course provides comprehensive exposure to the principles and practices needed to develop and sustain a Lean Enterprise. You will receive immediate reinforcement of the classroom learning by applying your training to a real-life project within your organization.
[Case Study] Enterprise-Wide Lean Transformation Drives Growth & Revenue
“The enterprise-wide lean transformation facilitated by CONNSTEP helped give us the continuous improvement head start we needed."