Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Machesney Park Manufacturer Achieves Compliance Goals to Meet DOD Cybersecurity Requirements


Midwest Aero Support, Inc (MAS) provides quality repair and electronic manufacturing services for commercial aircraft for companies worldwide. They are located in Machesney Park, Illinois, with 16 employees.

The Challenge

The Department of Defense (DOD) mandated that all government contractors and their subcontractors become compliant with DFARS 252.204-7012 security requirements in accordance with NIST 800-171 by the end of 2020. Almost all of Midwest Aero Support, Inc.'s manufacturing business is conducted directly or indirectly with the government. In late 2019, Brent Johnson, President of MAS, and his team sat down with IMEC, part of the MEP National Network™, to discuss their needs and learn the different phases and requirements to achieve compliance. 
We never would have been able to achieve an SPRS score in November of 2020 without the guidance of IMEC and Alpine Security. We had no clue how to proceed when we learned of the DFARS requirement. IMEC and Alpine Security were able to educate us in a language we understood.
— Brent Johnson, President

MEP's Role

IMEC introduced and facilitated a relationship between MAS and Alpine Security, a Cerberus Sentinel company, who would guide them through the cybersecurity compliance process. MAS started the journey to compliance in early March 2020, right before COVID-19 shook the world. Of course, there were challenges due to the pandemic, but with necessary adjustments and their commitment to quality and excellence, they pressed on.

After having to start and stop periodically, on October 26, 2020 Alpine Security presented MAS with a Letter of Attestation, which serves as an external tool to communicate proof that a security assessment was performed. They were then able to successfully submit their self-assessment score into the Supplier Performance Risk System (SPRS) on November 18, ahead of the November 31, 2020 deadline. This was the first step to verifying compliance, and once this goal was met, “it was a very rewarding experience” for Johnson and his team. He shares: “Alpine Security has since performed two vulnerability scans which indicated our security system is working. We still have ongoing remediation efforts required to achieve full compliance, but we are well on schedule toward this goal.”

It was a team effort, to say the least, for MAS to progress as successfully as they have. Johnson states that “because so much of the scope involved securing and controlling digital data and documents, we needed extensive involvement from our outside IT contractor. The project was managed and kept on target by Dean Harms and his IMEC team.”

Submitting their score to SPRS benefits MAS in several ways. Not only does it verify they are on the path to Cybersecurity Maturity Model Certification (CMMC) compliance, which builds off the NIST 800-171 requirements, it serves as an effective marketing tool to secure additional government contracts, and it gives MAS a competitive advantage over their competitors.

Created April 30, 2021, Updated July 16, 2022