Site icon New Hampshire Manufacturing Extension Partnership | NH MEP

NIST 800-171 Compliance Allowed Tech Resources, Inc. To Continue Their Work Uninterrupted With The U.S. Department of Defense

Cybersecurity and information technology security services concept. Login or sign in internet concepts.

Company Background

Raymond Quist and Robert Burns had been working for a large manufacturer in New Hampshire who did business with the U.S. Department of Defense. Together they saw a need for more sophisticated electronic support test equipment that enables a “Go/No-Go” decision on military aircraft. That gave them the opportunity to leave the defense contractor in 1979 to start Tech Resources, Inc.

They first rented a 2,000 square foot space in Amherst, New Hampshire and had 6 employees. However they grew quickly and in 1989 built a 32,000 square foot facility in Milford, New Hampshire where they grew to 80 employees in the mid 1990’s and currently still reside today although with fewer employees.

For over 40 years Tech Resources, Inc. has provided sophisticated electronic test equipment and technical logistic services to the United States Airforce, the United States Navy and Foreign Military branches.

Situation

“All our work is for the DoD,” said Gary Andrews, President of Tech Resources, Inc. “So when we heard that the DoD’s NIST 800-171 cybersecurity requirements would be flowing down to their contractors in the near future, we wanted to get ahead of it in order to meet those requirements and not have any interruptions in our business with them.”

They tried to create their own cybersecurity System Security Plan (SSP) but soon found many areas that needed shoring up. That was also when their IT Manager at the time was about to attend the NH MEP NIST 800-171 Cybersecurity for Manufacturers information session.

Solution

After attending NH MEP’s NIST 800-171 Cybersecurity for Manufacturers information session Gary and his team realized they needed help. So in 2019 they worked with NH MEP with the support of its 3rd party service provider Mainstay Technologies. They would take Tech Resources, Inc. through the requirements of NIST 800-171 by performing a Phase 1 GAP Analysis and a Phase 2 Policy, Procedures, and Program Design.

For the Phase 1 GAP Analysis the Mainstay Information Security Team worked with Tech Resources, Inc. to perform an assessment and identify compliance, noncompliance, or partial compliance with each of the 110 components required of NIST 800-171. Mainstay provided Tech Resources, Inc. a compliance report, along with in-person and over the phone consultations about the findings. This included consultation on a Plan of Action and Milestones Creation (POAM).

For Phase 2 Policy, Procedures, and Program Design the Mainstay Information Security Team created the appropriate Corporate Information Security Policies, Procedures, Strategies and Plans for Tech Resources, Inc. that aligned with NIST 800-171. Mainstay also made cost-effective, NIST 800-171 compliant technical mitigation recommendations.

 Results

“We are now at about a 90% level of filling the requirements of NIST 800-171 while continuing to improve moving forward. But at least there will not be interruptions with our DoD business.” said Gary Andrews. He added, “We were grateful to have worked with NH MEP. The expertise they provided to help us was invaluable and we will continue working with them in the future. “

The following results for Tech Resources can be credited to having gone through the Phase 1 and Phase 2 of NIST 800-171 cybersecurity requirements:

  • Retained sales of $1,000,000 over the last 12 months that otherwise would have been lost
  • Added 1 new job over the last 12 months
  • $10,000 cost savings in labor, materials energy, overhead or other areas over the last 12 months
  • Increased investment of $50,000 in new products or processes over the last 12 months
  • Increased investment of $150,000 in plant or equipment over the last 12 months
  • Increased investment of $30,000 in information systems and software over the last 12 months
  • Increased investment of $5,000 in workforce practices or employee skills over the last 12 months
  • Avoided $5,000 of any unnecessary investments or saved on any investments in the past 12 months

 

Upcoming Webinar: July 22nd, 9:00 am – 11:30 am: Cybersecurity for DoD Manufacturers

For more information on Cybersecurity Training and Implementation, please contact NHMEP Business Development Manager Eric Basta at ericb@nhmep.org.

“Tech Resources, Inc. developed a great partnership with NH MEP and their dedication to our success is very much evident at our firm. I appreciate their wiliness to learn our business and to make a positive impact by helping us bring our new cybersecurity plan up to code.”

Gary Andrews

President, Tech Resources, Inc.

Exit mobile version