A major defense prime contractor approached TMAC’s Col. Darold Tippey (Ret.) and Ghassan Khatib to work with Aero-Glen on the preparation for their upcoming cybersecurity assessment. TMAC, part of the MEP National Network™, was able to conduct a pre-assessment before the third-party audit by using funds from the Advanced Manufacturing Technology Services (AMTS) grant. Because of the level of detail and dedication necessary for achieving CMMC 2.0 Level 2 certification, successfully passing the assessment is a huge accomplishment for any company, especially for small companies like Aero-Glen with under 100 employees.
Over the past two years Aero-Glen has been developing their cybersecurity system and in 2022 they volunteered to undergo the Joint Surveillance Voluntary Assessment Program. The voluntary assessments are jointly conducted by CMMC-AB accredited third party assessment organizations and the DOD’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). A successful assessment qualifies Aero-Glen for CMMC 2.0 Level 2 certification, which allows them to sustain existing DOD contracts under current DFARS and pre-qualifies them for future ones.
Cybersecurity is a critical component of how we approach our markets, service our customers and integrate with our daily processes. The TMAC team was great in taking a pragmatic approach to a complex set of requirements, and proved we can achieve a sustainable cybersecurity program while enabling the business.
CMMC 2.0 is primarily based on NIST SP 800-171 guidelines. Together with Aero-Glen, TMAC covered each category of NIST SP-800-171 to determine the minimum defined expectation from NIST and DOD. TMAC used CMMC ePU Reference Documentation and tools licensed from DTC Global to provide definitive guidance.
TMAC relied on these tools, its deep understanding of NIST SP-800-171, the TMAC assessment methodology and Darold Tippey’s 29 years of military experience in information security to review Aero-Glen’s business processes and control measures. During this assessment the combined Aero-Glen TMAC team identified and corrected areas of deviation in interpretation, handling of and response to required controls, identified potential gaps in compliance and refined the system. They used CMMC ePU Reference Documentation to develop "overwhelming evidence" of their compliance as they addressed gaps and non-conformities. By studying Aero-Glen’s operations and processes, IT infrastructure, and the quality management system, the team d worked effectively to pass the assessment.