Bowmar LLC is a Fort Wayne, Indiana company focused on the manufacture of aerospace and defense products. Bowmar produces mechanical, electronic and electromechanical devices.
Nearly 70% of Bowmar’s customers are defense contractors. Pursuant to a law passed in 2010, the company began to see flow downs for DFARS 252.204.7012 regulations which contain NIST 800-171 controls for handling Controlled Unclassified Information (CUI).NIST 800-171 is comprised of 109 controls in 14 categories ranging from information access controls through systems and information integrity. With the release of NIST 800-171, Bowmar decided to take proactive steps toward compliance and security. The company had already performed an initial gap analysis but had stalled in some areas. Bowmar was made aware of a grant being offered by the Department of Defense (DOD) through Purdue’s Manufacturing Extension Partnership (MEP) program, part of the MEP National Network™. The grant allowed Bowmar to access to resources to assist with remediation towards becoming NIST 800-171 compliant.
Purdue Manufacturing Extension Partnership was instrumental in the process of bringing together the needed factors to make this endeavor successful. The factors necessary for success include: program awareness, relevant business partners and the drive to develop and execute the plan.
After initial discussions and meeting Purdue MEP’s representatives, the company applied for a DOD grant available to help eligible companies become compliant with the regulation. Once the application was approved, Purdue coordinated with a cybersecurity consulting company to help guide Bowmar’s cyber remediation effort. Throughout the process, Purdue MEP headed up the coordination between all parties making sure milestones were attained.
The consultant worked onsite to evaluate Bowmar’s status, reviewing Bowmar’s current procedures and applications and recommending best practices and changes to work towards compliance. The recommendations included changes in policies and procedures as well as upgrading and hardening Bowmar’s hardware infrastructure.The recommended changes allowed Bowmar to meet the NIST 800-171 requirements for compliance as well as a plan for complete implementation of all regulations. This gave the company a comparative advantage over their competitors in gaining and retaining customer contracts that require this regulation. The result of meeting the DOD cybersecurity requirements, with Purdue MEP’s help, allowed Bowmar to maintain 70% of its current business.