Cybersecurity


New England Defense Manufacturers! Meet your NIST 800-171 compliance obligations as a prime or subcontract manufacturer for the defense industry by participating in the Cybersecurity Training Workshops, presented by your New England MEP Centers through the New England Regional Defense Industry Collaboration (NERDIC).

Details

1) The workshops are conducted in four half-day online sessions, presented every other week starting on April 27th.

2) Each workshop topic is delivered on a Tuesday and again on a Thursday of the same week covering the same topic to give you a choice and schedule flexibility for you and your staff. Please choose either the Tuesday or Thursday track upon registering below.

3) Following payment for the series, you must register your employee(s) for all four half-day workshop sessions. Each workshop is intended for different individuals and responsibilities within your business, depending on the agenda topics being presented.

4) Fee: $500 – covers all four workshop sessions (a $4,500 value, subsidized thanks to a cybersecurity grant)

5) Your company must be in the defense supply chain with your facility located in Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, or Vermont.

Mitigating the cybersecurity risks and NIST 800-171 requirements facing defense industry manufacturers does not have to be a challenge.

Session 1: Cybersecurity Management Team Overview

Dates: Tuesday, April 27 and Thursday, April 29 (same content both days)
Time: 8 am – 12 noon on each date
Suggested attendees: Business Owners, Management Staff, Senior Leadership

Agenda Overview

During this workshop session, you will be provided with a comprehensive understanding of current and future DoD cyber regulatory requirements and a briefing on the cyber threat landscape. You’ll also receive a review of the process and resource commitment necessary to comply with current requirements.

At the conclusion of Session 1, you will be given an assignment that serves as a prerequisite for Session 2. It will focus on identifying team members who will contribute to security compliance, understanding what Controlled Unclassified Information (CUI) is, and mapping out the IT infrastructure and operations processes in place that control the creation, storage, and transmission of data internally and to third parties (vendors and customers).

Session 2: Cyber Risk Management Plan Development

Dates: Tuesday, May 11 and Thursday, May 13 (same content both days)
Time: 8 am – 12 noon on each date
Suggested attendees: Business Owners, Operations Managers, Quality Managers

Agenda Overview

This workshop session will focus on developing a Risk Management Plan (RMP), covering the sections and content included in an RMP.

Topics covered will include properly documenting user roles and responsibilities and an in-depth discussion on the process of complying with NIST 800-171. It will address pre-assessment preparation tasks, GAP assessment, and reviews of System Security and Incident Response Plans. It will also cover compliance reporting in the Supplier Performance Risk System (SPRS).

The assignment at the end of Session 2 involves completing a questionnaire that captures organizational duties and places them into a roles and responsibilities matrix, as a prerequisite to Session 3.

Session 3: Policies and Procedures Documentation

Dates: Tuesday, May 25 and Thursday, May 27 (same content both days)
Time: 8 am – 12 noon on each date
Suggested attendees: HR Managers, Operations Managers, IT Managers

Agenda Overview

This workshop session will focus on developing a Policies and Procedures Document.  It is intended to be a working session where each section of a completed policies and procedures document is reviewed in order for attendees to gain an appreciation and higher degree of understanding for the level of detail required for each section.

Session 4: Systems Security Plan Development

Dates: Tuesday, June 8 and Thursday, June 10 (same content both days)
Time: 8 am – 12 noon on each date
Suggested attendees: IT Managers and Staff with IT responsibilities

Agenda Overview

This workshop session will focus on the details included in a system security plan. It will be an interactive session that will result in a greater understanding of the topics outlined in the agenda when implementing the plan.

***UPDATE: Currently, NH MEP has received funding through the CARES Act to provide partial funding for the CMMC Implementation to manufacturers that have been impacted by COVID-19.***

CMMC Implementation Services

NHMEP provides Phases 1 and 2 of CMMC Implementation to New Hampshire manufacturers who are DoD suppliers or sub-contractors. We begin by working with your IT management on a gap analysis of your current cybersecurity strategies to discover strengths, weaknesses and the best solution to bring your company into CMMC compliance.

What is CMMC?

CMMC Version 1.0 was released in January 2020 and serves as a unified cybersecurity standard for future Department of Defense (DoD) acquisitions. For the bidding process on DoD contracts, CMMC will ensure a fairer process by outlining required levels based on your company’s business requirements. CMMC V1.0 defines a maturity model as a set of characteristics, attributes, indicators, or patterns that represent capability and progression in a particular discipline. It works to establish best practices through defining and structuring action that must be taken by a company to prove that it has incorporated these practices.

The CMMC Framework

The CMMC model framework organizes processes and cybersecurity best practices into a set of domains. For each of the 17 domains, there are processes that span five levels of cybersecurity maturity. Additionally, each of the domains contains one or more capabilities spanning the five levels. And, for a given capability, there are one or more practices that must be demonstrated.

The 17 Domains

Each domain is comprised of processes and capabilities across the five levels.  The domains include:

  • Access Control (AC)
  • Asset Management (AM)
  • Awareness and Training (AT)
  • Audit and Accountability (AU)
  • Configuration Management (CM)
  • Identification and Authentication (IA)
  • Incident Response (IR)
  • Maintenance (MA)
  • Media Protection (MP)
  • Personnel Security (PA)
  • Physical Protection (PE)
  • Recovery (RE)
  • Risk Management (RM)
  • Security Assessment (CA)
  • Situational Awareness (SA)
  • System and Communication Protection (SC)
  • System and Information Integrity (SI)

Phase 1 – Basic Cyber Hygiene 

Processes are performed and select practices are documented where required. There are 17 practices to demonstrate basic cyber hygiene. These are equivalent to all practices in Federal Acquisition Regulation (FAR) Clause 52.204-21 (48 CFR 52.204-21). The first level ensures basic safeguarding of federal contract information.

Phase 2 – Intermediate Cyber Hygiene

Processes are documented, including Level 1 practices, and a policy exists that includes all activities. Practices demonstrate intermediate cyber hygiene. This level complies with FAR, includes a select subset of 48 practices from NIST SP 800-171, and includes an additional 7 practices to support intermediate cyber hygiene. A total of 72 practices must be demonstrated at this level as organizations transition to demonstrate cybersecurity maturity progression to protect controlled unclassified information.

To get started with a gap analysis for CMMC Implementation or to learn more, please contact NHMEP:

 

Zenagui Brahim

(603) 226-3200

zenaguib@nhmep.org

Eric Basta

(603) 226-3200

EricB@nhmep.org

 

“Working with the Partnership was a cost effective way to remain ahead of implementation timelines to achieve compliance with NIST 800-171.  Their administrative and technical assistance provided a rich contextual understanding of controlled information and information systems, and guided our company’s policy approach to information exchange governance.  We are now better prepared to meet current and emerging information security obligations for all of our clients.”

Paul Movizzo

DoD Business Development, Creare, LLC

The National Institute of Standards and Technology (NIST) Labs have developed a Behavioral Anomaly Detection cyber solution for manufacturers.
Use it to preempt cyberattacks, rather than dealing with the consequences.

View and download the pdf Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection. 


About NH MEP

New Hampshire Manufacturing Extension Partnership
172 Pembroke Road
Concord, NH  03301

Phone: 603-226-3200

The New Hampshire Manufacturing Extension Partnership does not discriminate on the basis of race, color, creed, national or ethnic origin, gender, disability, age, political affiliation or belief. This nondiscrimination policy encompasses the operation of all educational and training programs and activities. It also encompasses the employment of personnel and contracting for goods and services.
