Early Adoption Of NIST 800-171 Allows AeroDynamics To Get Ahead of the Curve

Company Background:

With decades of metal finishing experience and a deep technical knowledge of the trade, Gregg Burzynski started AeroDynamicsin 1989, a premier metal finishing house. By 2007, with a rapidly growing customer base, quality system demands, and environmental requirements they reached a breaking point. That was when Gregg recruited his wife, Cara Burzynski, to join the company as President.

Cara got the company in compliance and created systems to ensure it stayed in compliance. She led them to becoming AS9100 accredited, NIST 800-171 compliant and joined Nadcapcommittees as a voting member. Cara also concentrated on hiring top talent for the engineering, laboratory, and quality departments.

As of 2021, AeroDynamics doubled its employee base and created jobs within the community. They also doubled theircustomer base earning work from customers like Raytheon, Gillette and SpaceX.

AeroDynamics is located in a 40,000 square foot facility in Seabrook, New Hampshire and has 40 employees. They specialize in metal finishing for the Aerospace, Military, and Defense industries and also serve a large customer base in the Commercial, Industrial, and Medical fields.

Situation:

“We always try to stay in tune with the various industry requirements, current events, and what is happening in our industry,” said Emerson Bilodeau, Director of Quality and Engineering for AeroDynamics. “At some point we came across the NIST 800-171 cybersecurity requirements that the the DoD was going to be requesting from its vendors and the Primes were already looking into.”

AeroDynamics had the foresight to realize NIST 800-171 compliance would be trickling down to them. “We wanted to getahead of the curve to ensure our business with the DoD and the Primes would not be interrupted,” said Bilodeau. “We also wanted a way to get ahead of our competitors with this but we were not sure where to start.” Then through a networking event Cara attended she found out about NH MEP’s information session, “Cybersecurity for DoD Manufacturers.”

Solution:

Cara had Emerson attend the NH MEP information session. Afterward he explained to Cara how NH MEP with the support of its 3rd party service provider Mainstay Technologies could help them reach NIST 800171 compliance. Cara agreed and enlisted NH MEP and Mainstay who would take them through the requirements of NIST 800-171 first with a Phase 1 – GAP Analysis and then the Phase 2 – Policy, Procedures, and Program Design.

For the Phase 1 – GAP Analysis the Mainstay Information Security Team worked with AeroDynamics to perform an assessment and identify compliance, noncompliance, or partial compliance with each of the 110 components required of NIST 800-171. Mainstay provided AeroDynamics a compliance report, along with in-person and over the phone consultations about the findings. This included consultation on a Plan of Action and Milestones Creation (POAM).

For Phase 2 – Policy, Procedures, and Program Design the Mainstay Information Security Team created the appropriate Corporate Information Security Policies, Procedures, Strategies and Plans for AeroDynamics that aligned with NIST 800-171. Mainstay also made cost-effective, NIST 800-171 compliant technical mitigation recommendations.

Results:

“Getting exposed to NIST 800-171 early allowed uninterrupted business with our customers in the Aerospace, Military and Defense industries,” said Bilodeau. “It also enabled us to get a step ahead of our competition by being one of the first NIST 800-171 compliant metal finishing companies in our region.”

The following results for AeroDynamics can be credited to having gone through the Phase 1 and Phase 2 of NIST 800-171 cybersecurity requirements: