Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Broadwing Aviation – We Find a Way!

With the help of: TMAC


Broadwing Aviation was formed in 2002 with one goal: execute aftermarket supply the best way, not just better. You’ll hear their founders say, “We aren’t here to sell aircraft parts. Rather, we are here to provide a value-added service to customers, meeting their long-term needs in the most efficient way possible.” Broadwing is an aftermarket supplier of aviation products serving commercial airlines, U.S. government through DLA and Prime Contractors.

The Challenge

In order for companies to even be considered for government contracts, they need to be certified based on Cyber Security Maturity Model Certification (CMMC – a third party certification) which requires complete adherence to NIST 800-171. As a multi-million dollar supplier to the Defense Logistics Agency (DLA) and prime contractors, Broadwing Aviation knew a cyber security certification in accordance with DFARS 252.204-7012 measured by NIST 800-171 would be a daunting task to accomplish. Broadwing knew that if they were not on a path to certification, they would risk losing all (over 30% of their current business) of their current Department of Defense (DOD) business with potential of losing all future DOD contracts which would result in millions of dollars of lost revenue. Since Broadwing is a small business and did not have the resources to begin their certification, they engaged TMAC, part of the MEP National Network™, in early 2019.
Deciding to work with TMAC was one of the best decisions we made in 2019. Their team, including Darold Tippey, were knowledgeable, responsible, accountable and instrumental in us achieving our goals of moving toward compliance for the DOD.
— Michael Mills, Co-founder and CFO

MEP's Role

TMAC began their work with Broadwing’s management team and their IT outsource group to lay out a plan and timeline to get compliant. This effort was initially funded by a DOD OEA (Office of Economic Adjustment) grant given to The University of Texas at Arlington but continues as a TMAC project.

TMAC provided critical leadership for Broadwing’s management team by assisting them in completing a gap assessment. This assessment gave Broadwing Aviation a current state versus future state view of their business in relation to the DFARS and CMMC requirements.

Next was a roadmap for compliance, which is a process to develop all key requirements, step-by-step instructions and guidance on how to successfully reach the desired future state. For the first step TMAC developed a map on how DOD Controlled Unclassified Information (CUI) flows through Broadwing’s organization. TMAC then created transit, manipulation, and storage processes to ensure proper security protocols (PSP) are followed to protect this critical information. By utilizing this map TMAC and Broadwing were able to set up PSPs to ensure that this information was protected. TMAC and Broadwing are now developing the system and site security plan which is a very detailed plan of the site and network to optimize protection of CUI for DOD.

Created August 1, 2020, Updated July 12, 2021