Cybersecurity

  1. Home
  2.  » 
  3. Services
  4.  » 
  5. Technology
  6.  » Cybersecurity

Upcoming Event:

July 22nd, 9:00 am – 11:30 am: Cybersecurity for DoD Manufacturers 

CMMC Implementation Services

NHMEP provides Phases 1 and 2 of CMMC Implementation to New Hampshire manufacturers who are DoD suppliers or sub-contractors. We begin by working with your IT management on a gap analysis of your current cybersecurity strategies to discover strengths, weaknesses and the best solution to bring your company into CMMC compliance.

What is CMMC?

CMMC Version 1.0 was released in January 2020 and serves as a unified cybersecurity standard for future Department of Defense (DoD) acquisitions. For the bidding process on DoD contracts, CMMC will ensure a fairer process by outlining required levels based on your company’s business requirements. CMMC V1.0 defines a maturity model as a set of characteristics, attributes, indicators, or patterns that represent capability and progression in a particular discipline. It works to establish best practices through defining and structuring action that must be taken by a company to prove that it has incorporated these practices.

The CMMC Framework

The CMMC model framework organizes processes and cybersecurity est practices into a set of domains. For each of the 17 domains, there are processes that span five levels of cybersecurity maturity. Additionally, each of the domains contain one or more capabilities spanning the five levels. And, for a given capability, there are one or more practices that must be demonstrated.

The 17 Domains

Each domain is comprised of processes and capabilities across the five levels.  The domains include:

  • Access Control (AC)
  • Asset Management (AM)
  • Awareness and Training (AT)
  • Audit and Accountability (AU)
  • Configuration Management (CM)
  • Identification and Authentication (IA)
  • Incident Response (IR)
  • Maintenance (MA)
  • Media Protection (MP)
  • Personnel Security (PA)
  • Physical Protection (PE)
  • Recovery (RE)
  • Risk Management (RM)
  • Security Assessment (CA)
  • Situational Awareness (SA)
  • System and Communication Protection (SC)
  • System and Information Integrity (SI)

Phase 1 – Basic Cyber Hygiene 

Processes are performed and select practices are documented where required. There are 17 practices to demonstrate basic cyber hygiene. Equivalent to all practices in Federal Acquisition Regulation (FAR) 48 CFR 52.204-21 from FAR Clause 52.204-21. The first level ensures basic safeguarding of federal contract information.

Phase 2 – Intermediate Cyber Hygiene

Processes are documented, including Level 1 practices and a policy exists that includes all activities. Practices demonstrate intermediate cyber hygiene. This level complies with FAR, includes a select subset of 48 practices from NIST SP 800-171, and includes an additional 7 practices to support intermediate cyber hygiene. A total of 72 practices must be demonstrated at this level as organizations transition to demonstrate cybersecurity maturity progression to protect controlled unclassified information.

To get started with a gap analysis for CMMC Implementation or to learn more, please contact NHMEP:

 

Zenagui Brahim

(603) 226-3200

zenaguib@nhmep.org

Eric Basta

(603) 226-3200

EricB@nhmep.org

 

“Working with the Partnership was a cost effective way to remain ahead of implementation timelines to achieve compliance with NIST 800-171.  Their administrative and technical assistance provided a rich contextual understanding of controlled information and information systems, and guided our company’s policy approach to information exchange governance.  We are now better prepared to meet current and emerging information security obligations for all of our clients.”

Paul Movizzo

DoD Business Development, Creare, LLC

The National Institute of Standards and Technology (NIST) Labs have developed a Behavioral Anomaly Detection cyber solution for manufacturers.
Use it to preempt cyberattacks, rather than dealing with the consequences.

View and download the pdf Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection. 

15 June
Tuesday

Machine Tool Probing for Industry 4.0 – What is it and how does it help your manufacturing process?

Webinar

Probing is an established best practice for maximizing the efficiency, quality, capability, and accuracy of machine tools. Standard routines built into modern CNC controls simplify the integration of probing cycles into machining operations and offline tools. These routines, combined with a CAD interface, make the simulation of measurement functions easy.
16 June
Wednesday

Value Stream Mapping – Info Session

Webinar

This webinar provides an introduction to Value Stream Mapping (VSM). A VSM provides a way to visually see the entire enterprise in order to quickly identify wastes and performance bottlenecks. The methodology systematically takes your company from its current state of operations to a dramatically improved future state.
23 June
Wednesday

Setup Reduction & Quick Changeover Informational Training Session

Webinar

In today’s economy, time is money. The amount of time spent changing over a machine can be costly. That’s why a growing number of manufacturers are adopting setup reduction and quick changeover techniques. The money-saving techniques are a tool of lean manufacturing, which focuses on eliminating waste in manufacturing operations.

How can we help?

Feel free to ask a question or leave a comment.