Precision Tool, located in Morgantown, West Virginia, provides high quality CNC machining and fabrication services with a 12,000-square-foot CNC machine shop and more than 50 years of industry experience and expertise. Throughout its history, Precision Tool has primarily thrived on business related to coal industry repair and rebuild services, but has also experienced the uncontrollable peaks and valleys associated with working in this industry.
Leadership looked to strategically broaden its focus and grow the business into other areas, including the Department of Defense (DOD) supply chain. As a small company with limited resources, the flow down of cybersecurity requirements were not only overwhelming but also very unclear to Precision Tool. Precision Tool leadership turned to the WVMEP, part of the MEP National Network™, for assistance.
The WVU Industrial Extension has long been a trusted resource for Precision Tool. Their ability to quickly adapt to our needs, help us understand what we need to do, and explain it all on a level that we understand has made them invaluable to our success. That is why we turned to WVUIE for our cybersecurity needs. Without their guidance and connection to the AIM Higher Consortium, I don’t know that we would have been able to comply with DOD requirements.
To help Precision Tool understand their current state and the a path to compliance, WVMEP partnered with MEP National Network colleagues at Catalyst Connection, part of the Pennsylvania MEP, to conduct a guided self-assessment of compliance to NIST 800-171. This assessment was conducted using FutureFeed, a visual dashboard that allows IT and leadership to make cyber governance decisions and manage compliance. The guided self-assessment, conducted over 4 virtual sessions, helped Precision Tool determine the CMMC level they would need to comply with, provided Precision Tool with an initial supplier performance risk system (SPRS) score, and a PoAM consisting of tasks to complete that would increase this score, and protect the company from cyber threats.
Precision Tool was overwhelmed and unsure of how they would execute their PoAM. WVMEP facilitated an introduction to InTech Solutions, Inc., a CMMC registered practitioner organization. InTech Solutions, Inc. had developed a CMMC Documentation Toolkit with the goal of saving hundreds of hours and numerous iterations often associated with creating documentation from scratch and also provides implementation assistance. InTech Solutions Inc. helped Precision Tool to understand the complexity involved and resources required to maintain compliance. To ensure Precision Tool adheres to its system security plan (SSP), Precision Tool has retained InTech Solutions Inc. to oversee its cybersecurity program.