Cybersecurity Compliance Key to Business Sustainability
Corru-Seals, dba Nicholsons, is part of a global company specializing in the design and manufacture of resilient, high-temperature metal seals, gaskets, and ancillary components for extreme conditions. For over 45 years, the company has been supplying the aerospace sector from its U.S. site in Wallingford, CT.
The company provides a complete engineering service from design and rapid prototype manufacture to full volume production of standard, optimized, and specialized metal seals. They are an approved supplier for major U.S. aerospace industry customers including Pratt & Whitney, GE, Honeywell, Rolls-Royce, and Bombardier.
Like many manufacturers supplying the defense industry, Corru-Seals faced mandatory compliance with NIST SP 800-171. This was the company’s first effort at safeguarding Covered Defense Information (CDI) and Controlled Unclassified Information (CUI), and at cyber incident reporting.
DFARS 252.204-7012 compliance with NIST SP 800-171 requires contractors to provide “adequate security” for all covered CDI on all contractor systems used to support the performance of the contract. With over 20% of company revenue from defense products that fall into this category, implementation was critical.
The leadership at Corru-Seals sought CONNSTEP’s technical expertise to better interpret and meet cybersecurity compliance requirements, identify and correct mistakes, and translate complex processes into simple terms.
In addition to performing a gap analysis to help the company understand the requirements of DFARS and NIST SP 800-171, CONNSTEP worked with the leadership team to develop a Plan of Action and Milestones (POAM). The plan of action was designed to correct deficiencies based on risk prioritization, and milestones were specified for successfully implementing it.
CONNSTEP also reviewed the areas of Cybersecurity Maturity Model Certification (CMMC) to assist Corru-Seals in their transition to CMMC 2.0. All security measures were considered to ensure compliance, including identifying and correcting non-compliant customers and vendors.
As a small but market-leading organization, Corru-Seals values their growing ability to manage compliance efforts with government contractors. They have advanced the security of their infrastructure, introducing new cybersecurity tools such as multi-factor authentication throughout the company.
They have implemented matrices to plan, track, and monitor the POAM. The process has made everyone at Corru-Seals aware of the importance of protecting the transmittal of information – both sending and receiving documentation – and the importance of compliance and security of communications. They are also well on their way to meeting the requirements of CMMC 2.0.
“Working with CONNSTEP on our POAM has changed the way we operate. Taking into consideration all security measures has made us compliant, which for a small organization like ours is critical to our success.”
Mike Fabiani, President, Corru-Seals (dba Nicholsons)